Windows Analysis Report
P0HV8mjHS1.exe

Overview

General Information

Sample name: P0HV8mjHS1.exe (renamed because the original name is a hash value)
Original sample name: 1d201eba6524ce8727dadf2031fc2b4a.exe
Analysis ID: 1575788
MD5: 1d201eba6524ce8727dadf2031fc2b4a
SHA1: dc6d2a38a1a9a1b8d934c565eaf027e0c7328980
SHA256: 1d010229450de58155efd24ab76f0d4fa00b7da73e48f93a5660d2a5a9714881
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • P0HV8mjHS1.exe (PID: 6300 cmdline: "C:\Users\user\Desktop\P0HV8mjHS1.exe" MD5: 1D201EBA6524CE8727DADF2031FC2B4A)
    • taskkill.exe (PID: 7096 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7236 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7304 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7368 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7424 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7492 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7528 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 7544 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7812 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b9f6ce-a2db-4f66-b756-766fc2b83bc7} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18dc9c70d10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7380 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3324 -prefMapHandle 3440 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67dcf0b4-d1ae-4ec7-aa63-1c099a10ae19} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18ddbc29e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8044 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 33202 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b902751-ce7d-4cf8-9dfc-af4768130874} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18de29d1d10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: P0HV8mjHS1.exe PID: 6300 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

    AV Detection

Source: P0HV8mjHS1.exe | Avira: detected
Source: P0HV8mjHS1.exe | ReversingLabs: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 95.7% probability
Source: P0HV8mjHS1.exe | Joe Sandbox ML: detected
Source: P0HV8mjHS1.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.19.dr
Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000013.00000003.1519342642.0000018DD732D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000013.00000003.1519342642.0000018DD732D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: netprofm.pdb source: firefox.exe, 00000013.00000003.1520245996.0000018DD7327000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.19.dr
Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000013.00000003.1520245996.0000018DD7327000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_006FDBBE
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006CC2A2 FindFirstFileExW,0_2_006CC2A2
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_007068EE FindFirstFileW,FindClose,0_2_007068EE
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0070698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0070698F
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006FD076
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006FD3A9
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00709642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00709642
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0070979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0070979D
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00709B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00709B2B
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00705C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00705C97
Source: firefox.exe | Memory has grown: Private usage: 1MB later: 208MB
Source: unknown | Network traffic detected: DNS query count 31
Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
Source: Joe Sandbox View | IP Address: 151.101.65.91 151.101.65.91
Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0070CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_0070CE44
Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
    Source: firefox.exe, 00000013.00000003.1415173056.0000018DDAA6B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1496769185.0000018DE39CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1524646653.0000018DE39DA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000013.00000003.1496769185.0000018DE39CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1524646653.0000018DE39DA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1358488064.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1358488064.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000013.00000003.1503937685.0000018DDD2FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359637410.0000018DDD2E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E303000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1503937685.0000018DDD2FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359637410.0000018DDD2E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E303000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000013.00000003.1503937685.0000018DDD2FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359637410.0000018DDD2E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E303000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1496769185.0000018DE39CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000013.00000003.1498676921.0000018DE20EB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489892211.0000018DE20EB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 00000013.00000003.1506967132.0000018DDC34B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521959744.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520388754.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518815175.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1519674572.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518038585.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520712650.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521011367.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521474206.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521959744.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520388754.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518815175.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1519674572.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518038585.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520712650.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521011367.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521474206.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521959744.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520388754.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518815175.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1519674572.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518038585.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520712650.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521011367.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521474206.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 00000013.00000003.1524802273.0000018DE39CE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 00000013.00000003.1525220927.0000018DE2E5B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 00000013.00000003.1504698582.0000018DDCF49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD443000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 00000013.00000003.1525220927.0000018DE2E5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1496769185.0000018DE3996000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 00000013.00000003.1357356843.0000018DE2023000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 00000013.00000003.1536546376.0000018DDA284000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.o
    Source: firefox.exe, 00000013.00000003.1439563421.0000018DDA092000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 00000013.00000003.1409333789.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1396221570.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1450764797.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1404506243.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1413264495.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1422549887.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1403778174.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1536604747.0000018DDA263000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1405386421.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406577030.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1402792181.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1408832840.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 00000013.00000003.1430723886.0000018DD9CEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1416938851.0000018DDAD9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1358964983.0000018DE1B8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1408832840.0000018DE2AB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1408544720.0000018DDA9C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1529384321.0000018DD9905000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1380507811.0000018DE2594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1478727622.0000018DDAD54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1328210062.0000018DDA9EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1382442585.0000018DDAD3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1446221375.0000018DDAD7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1504876183.0000018DDC5F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1449557435.0000018DDAD4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1468772435.0000018DE19AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1434864285.0000018DE19A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1410109938.0000018DE2A51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1472983704.0000018DDAD41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1416938851.0000018DDAD7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1421175893.0000018DDA29C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1474608758.0000018DDA9DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1531600077.0000018DDAD3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 00000013.00000003.1409333789.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1396221570.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1450764797.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1404506243.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1413264495.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1422549887.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1403778174.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1405386421.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406577030.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1402792181.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1408832840.0000018DE2AD6000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/Z
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521959744.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520388754.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518815175.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1519674572.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518038585.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520712650.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521011367.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521474206.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: gmpopenh264.dll.tmp.19.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 00000013.00000003.1352916094.0000018DDBD81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1352916094.0000018DDBD8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1509601188.0000018DDBD68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1352916094.0000018DDBDE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 00000013.00000003.1352916094.0000018DDBD81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1509601188.0000018DDBD68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulUv
    Source: mozilla-temp-41.19.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 00000013.00000003.1504876183.0000018DDC596000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 00000013.00000003.1496123890.0000018DE32DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1480077376.0000018DE32DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1488226051.0000018DE32DC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 00000013.00000003.1492692466.0000018DE1A23000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 00000013.00000003.1359637410.0000018DDD2AB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 00000013.00000003.1497529142.0000018DE3947000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1535395562.0000018DE394B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 00000013.00000003.1525724495.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497910031.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489412113.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 00000013.00000003.1356678298.0000018DE2065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489892211.0000018DE207D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527019800.0000018DE207D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1356678298.0000018DE207D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1498676921.0000018DE207D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000013.00000003.1498676921.0000018DE2065000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 00000013.00000003.1500308803.0000018DE1BC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1358563589.0000018DE1BBC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1506967132.0000018DDC34B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
    Source: firefox.exe, 00000013.00000003.1487785269.0000018DE5532000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 00000013.00000003.1508116473.0000018DDBFF4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 00000013.00000003.1358563589.0000018DE1BA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 00000013.00000003.1528501770.0000018DE1AD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1358964983.0000018DE1B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000013.00000003.1341715929.0000018DE195C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 00000013.00000003.1415173056.0000018DDAA6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497529142.0000018DE3947000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1535395562.0000018DE394B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 00000013.00000003.1500779897.0000018DE1B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 00000013.00000003.1478727622.0000018DDAD54000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 00000013.00000003.1341715929.0000018DE195C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369326048.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406577030.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369624126.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1450729989.0000018DE2AF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1440547802.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 00000013.00000003.1480774183.0000018DD9538000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1320087103.0000018DD9533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1318766592.0000018DD9533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1319577730.0000018DD951E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 00000013.00000003.1480774183.0000018DD9538000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1320087103.0000018DD9533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1318766592.0000018DD9533000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1319577730.0000018DD951E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 0000001A.00000002.3125163640.000002AB33F13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 00000013.00000003.1360301928.0000018DDA06D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 00000013.00000003.1360301928.0000018DDA06D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1361255417.0000018DDA092000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1361649278.0000018DDA095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 00000013.00000003.1497529142.0000018DE3935000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 00000013.00000003.1497812068.0000018DE2E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 0000001A.00000002.3125163640.000002AB33F13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000013.00000003.1359637410.0000018DDD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000013.00000003.1359637410.0000018DDD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000018.00000002.3125103814.000002393E32F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33F30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000013.00000003.1359637410.0000018DDD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 00000013.00000003.1503758605.0000018DDD4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000013.00000003.1359637410.0000018DDD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 00000013.00000003.1341715929.0000018DE195C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 00000013.00000003.1468772435.0000018DE19AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1434864285.0000018DE19A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1438143300.0000018DE19A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 00000013.00000003.1468772435.0000018DE19AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1434864285.0000018DE19A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1438143300.0000018DE19A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 00000013.00000003.1415173056.0000018DDAA6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1488226051.0000018DE32C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1480077376.0000018DE32C3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 00000013.00000003.1496123890.0000018DE32DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1480077376.0000018DE32DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497717482.0000018DE32E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1488226051.0000018DE32DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 00000013.00000003.1503758605.0000018DDD4C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.19.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 00000013.00000003.1497812068.0000018DE2E84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/7b5a28b8-d203-4998-8631-23527
    Source: firefox.exe, 0000001A.00000002.3125163640.000002AB33FF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submitg
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 00000013.00000003.1356678298.0000018DE2065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489892211.0000018DE206F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527019800.0000018DE206F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 00000013.00000003.1358563589.0000018DE1BA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000013.00000003.1508440023.0000018DDBFC5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 00000013.00000003.1341715929.0000018DE195C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369326048.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406577030.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369624126.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1450729989.0000018DE2AF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1506967132.0000018DDC370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1440547802.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 00000013.00000003.1358488064.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 00000013.00000003.1358488064.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 00000013.00000003.1517318389.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1517837142.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521959744.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520388754.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518815175.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1519674572.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1518038585.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1520712650.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521011367.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1521474206.0000018DD7390000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.19.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 00000013.00000003.1358488064.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 00000013.00000003.1358488064.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527972679.0000018DE1F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 00000013.00000003.1344371659.0000018DE1D1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1343278536.0000018DE1952000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369326048.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406577030.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369624126.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1450729989.0000018DE2AF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1440547802.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 00000013.00000003.1404129979.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1403288307.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406153508.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1407163182.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1381386291.0000018DDADEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1380400087.0000018DDADDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 00000013.00000003.1404129979.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1403288307.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406153508.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1407163182.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1381386291.0000018DDADEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1380400087.0000018DDADDD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 00000013.00000003.1491317071.0000018DE1AC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1501614790.0000018DE1ACB000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.19.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000013.00000003.1508116473.0000018DDBFEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.19.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 00000013.00000003.1360301928.0000018DDA06D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1361255417.0000018DDA092000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1361649278.0000018DDA095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.19.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 00000013.00000003.1480077376.0000018DE32CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: targeting.snapshot.json.tmp.19.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 00000013.00000003.1489892211.0000018DE2049000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.19.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
    Source: firefox.exe, 00000013.00000003.1480077376.0000018DE32CE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: places.sqlite-wal.19.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: places.sqlite-wal.19.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 0000001A.00000002.3125163640.000002AB33FF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/sr
    Source: firefox.exe, 00000013.00000003.1504876183.0000018DDC596000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359637410.0000018DDD2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503986228.0000018DDD2E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 00000013.00000003.1525724495.0000018DE294D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489412113.0000018DE294D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497910031.0000018DE294D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 00000013.00000003.1450948624.0000018DE2A43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1496769185.0000018DE39CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1524646653.0000018DE39DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1453287133.0000018DD987B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359637410.0000018DDD2E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33F0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 00000013.00000003.1359637410.0000018DDD2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503986228.0000018DDD2E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
    Source: firefox.exe, 00000013.00000003.1352916094.0000018DDBDD9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com
    Source: firefox.exe, 00000013.00000003.1506967132.0000018DDC3EF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.19.dr | String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 0000001A.00000002.3127568354.000002AB340C0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=ht
    Source: firefox.exe, 00000016.00000002.3125485416.000002C2BB790000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=htJ
    Source: firefox.exe, 00000013.00000003.1489892211.0000018DE20A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125485416.000002C2BB794000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3124166166.000002C2BB4BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3122038720.000002393E0A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3122038720.000002393E0AA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3123390593.000002393E234000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3123358644.000002AB33C0A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3123358644.000002AB33C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3127568354.000002AB340C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000011.00000002.1305493871.0000022D94D30000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.1311582563.000001EAC482A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000016.00000002.3124166166.000002C2BB4B0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdG
    Source: firefox.exe, 00000013.00000003.1512682532.0000018DD7367000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1513139679.0000018DD736C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3124166166.000002C2BB4B0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125485416.000002C2BB794000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3122038720.000002393E0A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3123390593.000002393E234000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3123358644.000002AB33C00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3127568354.000002AB340C4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000016.00000002.3124166166.000002C2BB4BA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdS
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0070EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0070ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00729576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: P0HV8mjHS1.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: P0HV8mjHS1.exe, 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_7d2c3cf7-3)
    Source: P0HV8mjHS1.exe, 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer (memstr_1ecc6bed-9)
    Source: P0HV8mjHS1.exe | String found in binary or memory: This is a third-party compiled AutoIt script. (memstr_eb97a016-0)
    Source: P0HV8mjHS1.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer (memstr_da775e91-0)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 24_2_000002393E874E37 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 24_2_000002393E89A372 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FD5EB: CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0069BF40
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00698060
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00702046
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006F8298
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006CE4FF
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006C676B
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00724873
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0069CAF0
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006BCAA0
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006ACC39
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006C6DD9
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006AD07D
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006AB119
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006991C0
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B1394
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B1706
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B781B
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006A997D
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00697920
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B19B0
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B7A4A
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B1C77
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B7CA7
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0071BE44
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006C9EEE
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006B1F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 24_2_000002393E874E37
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 24_2_000002393E89A372
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 24_2_000002393E89AA9C
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 24_2_000002393E89A3B2
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: String function: 006B0A30 appears 46 times
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: String function: 006AF9F2 appears 40 times
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: String function: 00699CB3 appears 31 times
    Source: P0HV8mjHS1.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/38@70/12
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_007037B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006F10BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006F16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_007051CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006FD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_0070648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_006942A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2460:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7432:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7376:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7244:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user~1\AppData\Local\Temp\firefox
    Source: P0HV8mjHS1.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: P0HV8mjHS1.exe | ReversingLabs: Detection: 47%
    Source: unknownProcess created: C:\Users\user\Desktop\P0HV8mjHS1.exe "C:\Users\user\Desktop\P0HV8mjHS1.exe"
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b9f6ce-a2db-4f66-b756-766fc2b83bc7} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18dc9c70d10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3324 -prefMapHandle 3440 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67dcf0b4-d1ae-4ec7-aa63-1c099a10ae19} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18ddbc29e10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 33202 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b902751-ce7d-4cf8-9dfc-af4768130874} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18de29d1d10 utility
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /TJump to behavior
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /TJump to behavior
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /TJump to behavior
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /TJump to behavior
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /TJump to behavior
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blockingJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b9f6ce-a2db-4f66-b756-766fc2b83bc7} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18dc9c70d10 socketJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3324 -prefMapHandle 3440 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67dcf0b4-d1ae-4ec7-aa63-1c099a10ae19} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18ddbc29e10 rddJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 33202 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b902751-ce7d-4cf8-9dfc-af4768130874} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18de29d1d10 utilityJump to behavior
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
    Source: Window Recorder Window detected: More than 3 window changes detected
    Source: P0HV8mjHS1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: P0HV8mjHS1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: P0HV8mjHS1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: P0HV8mjHS1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: P0HV8mjHS1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: P0HV8mjHS1.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.19.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000013.00000003.1519342642.0000018DD732D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000013.00000003.1519342642.0000018DD732D000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 00000013.00000003.1520245996.0000018DD7327000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.19.dr
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 00000013.00000003.1520245996.0000018DD7327000.00000004.00000020.00020000.00000000.sdmp
    Source: P0HV8mjHS1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: P0HV8mjHS1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: P0HV8mjHS1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: P0HV8mjHS1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: P0HV8mjHS1.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006942DE
    Source: gmpopenh264.dll.tmp.19.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006B0A76 push ecx; ret 0_2_006B0A89
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006AF232 push 00000000h; iretd 0_2_006AF23D
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006AF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_006AF98E
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_00721C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00721C41
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 24_2_000002393E874E37 rdtsc 24_2_000002393E874E37
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe API coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006FDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_006FDBBE
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006CC2A2 FindFirstFileExW,0_2_006CC2A2
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_007068EE FindFirstFileW,FindClose,0_2_007068EE
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_0070698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_0070698F
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006FD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006FD076
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006FD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_006FD3A9
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_00709642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00709642
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_0070979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0070979D
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_00709B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00709B2B
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_00705C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00705C97
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006942DE
    Source: firefox.exe, 00000018.00000002.3128367829.000002393E960000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWxS
    Source: firefox.exe, 00000016.00000002.3124166166.000002C2BB4BA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3122038720.000002393E0AA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000016.00000002.3128444693.000002C2BB91C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 0000001A.00000002.3123358644.000002AB33C0A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`
    Source: firefox.exe, 0000001A.00000002.3127854164.000002AB340D0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWB
    Source: firefox.exe, 00000016.00000002.3128936722.000002C2BBA00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3128367829.000002393E960000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 24_2_000002393E874E37 rdtsc 24_2_000002393E874E37
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_0070EAA2 BlockInput,0_2_0070EAA2
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006C2622
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006942DE
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006B4CE8 mov eax, dword ptr fs:[00000030h]0_2_006B4CE8
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_006F0B62
    Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006C2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006C2622
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006B083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_006B083F
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006B09D5 SetUnhandledExceptionFilter,0_2_006B09D5
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006B0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_006B0C21
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006F1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_006F1201
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006D2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_006D2BA5
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006FB226 SendInput,keybd_event,0_2_006FB226
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_007122DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_007122DA
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006F0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_006F0B62
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006F1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_006F1663
    Source: P0HV8mjHS1.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: P0HV8mjHS1.exe Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006B0698 cpuid 0_2_006B0698
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006ED21C GetLocalTime,0_2_006ED21C
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006ED27A GetUserNameW,0_2_006ED27A
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006CB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_006CB952
    Source: C:\Users\user\Desktop\P0HV8mjHS1.exe Code function: 0_2_006942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006942DE

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: P0HV8mjHS1.exe PID: 6300, type: MEMORYSTR
    Source: P0HV8mjHS1.exe Binary or memory string: WIN_81
    Source: P0HV8mjHS1.exe Binary or memory string: WIN_XP
    Source: P0HV8mjHS1.exe Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: P0HV8mjHS1.exe Binary or memory string: WIN_XPe
    Source: P0HV8mjHS1.exe Binary or memory string: WIN_VISTA
    Source: P0HV8mjHS1.exe Binary or memory string: WIN_7
    Source: P0HV8mjHS1.exe Binary or memory string: WIN_8

    Remote Access Functionality

Source: Yara match | File source: Process Memory Space: P0HV8mjHS1.exe PID: 6300, type: MEMORYSTR
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00711204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\P0HV8mjHS1.exe | Code function: 0_2_00711806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
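The "Code function" rows in this section and in the preceding one are the part of the report a reviewer actually reads: a function address followed by the ordered chain of imported APIs that function calls. The added example below is a small parser for those rows and an ordered-subsequence matcher that flags the chains a practitioner cares about (a socket that is bound and then put into listen state, a bound socket that never listens, LoadLibrary/GetProcAddress resolution, GetVersionExW/IsWow64Process fingerprinting). It is editor-written example code, not part of the Joe Sandbox report or of the sample. The three input rows are constructed copies of the rows above in their raw export form, where the function id is repeated at the end of the row as a link anchor; the reading of the id as <process index>_<pass>_<virtual address> is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the three "Code function" rows of this report, in raw export form
# (the function id is repeated at the end of each row as a link anchor).
SAMPLE_ROWS = [
    r"Source: C:\Users\user\Desktop\P0HV8mjHS1.exeCode function: 0_2_006942DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_006942DE",
    r"Source: C:\Users\user\Desktop\P0HV8mjHS1.exeCode function: 0_2_00711204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00711204",
    r"Source: C:\Users\user\Desktop\P0HV8mjHS1.exeCode function: 0_2_00711806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00711806",
]

# Accepts both the raw row (source glued to "Code function:") and a cleaned row with " | " between them.
# The trailing ",<fid>" anchor is optional so rows without it parse too.
ROW_RE = re.compile(
    r"^Source:\s*(?P<source>.*?)\s*(?:\|\s*)?Code function:\s*"
    r"(?P<fid>\d+_\d+_[0-9A-Fa-f]+)\s+(?P<apis>[A-Za-z0-9_,]+?)(?:,(?P=fid))?\s*$"
)

# Ordered API chains worth flagging; a chain matches if its names occur in this order, gaps allowed.
CHAINS = {
    "listening socket (socket->bind->listen)": ("socket", "bind", "listen"),
    "bound socket without listen": ("socket", "bind"),
    "dynamic API resolution": ("LoadLibraryA", "GetProcAddress"),
    "WOW64 / OS version fingerprinting": ("GetVersionExW", "IsWow64Process"),
}


@dataclass
class CodeFunction:
    source: str
    process_index: int      # assumed meaning of the first field of the id
    address: int            # virtual address of the function (third field of the id)
    apis: list = field(default_factory=list)


def parse_row(row: str) -> CodeFunction:
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"not a Code function row: {row[:60]!r}")
    proc, _pass, addr = m.group("fid").split("_")
    return CodeFunction(m.group("source"), int(proc), int(addr, 16), m.group("apis").split(","))


def ordered_subsequence(apis, pattern) -> bool:
    """True if every name in `pattern` appears in `apis` in that order (other calls may sit between)."""
    it = iter(apis)
    return all(any(a == p for a in it) for p in pattern)


def classify(fn: CodeFunction) -> list:
    hits = [name for name, pat in CHAINS.items() if ordered_subsequence(fn.apis, pat)]
    # socket->bind->listen implies socket->bind; report only the stronger finding.
    if "listening socket (socket->bind->listen)" in hits:
        hits = [h for h in hits if h != "bound socket without listen"]
    return hits


def triage(rows) -> dict:
    """Map each function address (as 0x-prefixed hex) to the chains it matches."""
    return {f"0x{fn.address:08X}": classify(fn) for fn in map(parse_row, rows)}


if __name__ == "__main__":
    for addr, hits in triage(SAMPLE_ROWS).items():
        print(addr, "->", ", ".join(hits) or "nothing flagged")
```

The matcher is deliberately order-sensitive: `bind` appearing after `listen` would not satisfy the listening-socket chain, which is the difference between a server-style backdoor port and an ordinary outbound client socket.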
MITRE ATT&CK Matrix (transposed from the navigator grid: one line per tactic; the number in square brackets is the count of report signatures mapped to that technique, and entries without a count are unmatched matrix placeholders)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts [2]; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Windows Management Instrumentation [1]; Native API [1]; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: DLL Side-Loading [1]; Valid Accounts [2]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: Exploitation for Privilege Escalation [1]; DLL Side-Loading [1]; Extra Window Memory Injection [1]; Valid Accounts [2]; Access Token Manipulation [21]; Process Injection [2]; Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: Disable or Modify Tools [2]; Deobfuscate/Decode Files or Information [1]; Obfuscated Files or Information [2]; DLL Side-Loading [1]; Extra Window Memory Injection [1]; Masquerading [1]; Valid Accounts [2]; Virtualization/Sandbox Evasion [1]; Access Token Manipulation [21]; Process Injection [2]
Credential Access: Input Capture [21]; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: System Time Discovery [2]; Account Discovery [1]; File and Directory Discovery [2]; System Information Discovery [16]; Security Software Discovery [131]; Virtualization/Sandbox Evasion [1]; Process Discovery [3]; Application Window Discovery [1]; System Owner/User Discovery [1]; Network Service Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: Archive Collected Data [1]; Input Capture [21]; Clipboard Data [3]; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: Ingress Tool Transfer [2]; Encrypted Channel [12]; Non-Application Layer Protocol [2]; Application Layer Protocol [3]; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot [1]; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior Graph (ID: 1575788; Sample: P0HV8mjHS1.exe; Start date: 16/12/2024; Architecture: WINDOWS; Score: 80), rendered as a process tree; the numbers in parentheses are the per-node counters shown on the graph:

Analysis root
  DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
  Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures
  Process: P0HV8mjHS1.exe (started)
    Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
    Process: taskkill.exe (1) -> conhost.exe
    Process: taskkill.exe (1) -> conhost.exe
    Process: taskkill.exe (1) -> conhost.exe
    3 other processes, two of which start conhost.exe
  Process: firefox.exe (1) (started)
    Process: firefox.exe (3, 232)
      DNS/IP: youtube.com 142.250.181.78, 443, 49706, 49707 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49709, 49715, 49716 GOOGLEUS United States; 10 other IPs or domains
      Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp, PE32+; C:\Users\user\...\gmpopenh264.dll (copy), PE32+
      Process: firefox.exe (1)
      Process: firefox.exe (1)
      Process: firefox.exe (1)
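The graph shows the sample spawning taskkill.exe three times (each with its conhost.exe) while a Firefox process is running in the same analysis, which is the kill-and-relaunch behaviour the "Credential Flusher" Yara name refers to: browsers are force-closed and a browser is started again so the victim re-enters credentials. The report does not show the taskkill command lines or who started that Firefox, so the detection below is an added editor-written example, not report output: it runs over constructed Sysmon-style process-creation events (the command lines, PIDs and timestamps are invented for the example) and raises an alert when one parent issues taskkill against two or more distinct browser images and a browser starts again within a short window, recording whether the killer itself did the relaunch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
IM_RE = re.compile(r'/IM\s+"?([^\s"]+)"?', re.IGNORECASE)   # taskkill /IM <image>

# Constructed events (Sysmon Event ID 1 style). The sample's PID 6300 and the three taskkill
# children mirror the report; their command lines, the other PIDs and the times are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2024-12-16T10:00:00", "pid": 6300, "ppid": 4000, "image": "P0HV8mjHS1.exe", "cmdline": "P0HV8mjHS1.exe"},
    {"ts": "2024-12-16T10:00:01", "pid": 6310, "ppid": 6300, "image": "taskkill.exe", "cmdline": "taskkill /F /IM firefox.exe"},
    {"ts": "2024-12-16T10:00:01", "pid": 6312, "ppid": 6300, "image": "taskkill.exe", "cmdline": "taskkill /F /IM chrome.exe"},
    {"ts": "2024-12-16T10:00:02", "pid": 6314, "ppid": 6300, "image": "taskkill.exe", "cmdline": "taskkill /F /IM msedge.exe"},
    {"ts": "2024-12-16T10:00:05", "pid": 6400, "ppid": 6300, "image": "firefox.exe", "cmdline": "firefox.exe --kiosk https://login.example.test/"},
    # Benign noise: an administrator ending a hung editor from a console (one kill, not a browser).
    {"ts": "2024-12-16T10:30:00", "pid": 7100, "ppid": 7000, "image": "taskkill.exe", "cmdline": "taskkill /F /IM notepad.exe"},
    # Benign noise: a user opening the browser normally an hour later.
    {"ts": "2024-12-16T11:00:00", "pid": 7200, "ppid": 900, "image": "firefox.exe", "cmdline": "firefox.exe"},
]


def browser_target(cmdline: str):
    """Return the browser image a taskkill command line targets, or None."""
    m = IM_RE.search(cmdline)
    if not m:
        return None
    name = m.group(1).lower()
    return name if name in BROWSERS else None


def detect_credential_flusher(events, window_seconds=60, min_kills=2):
    parsed = [dict(e, when=datetime.fromisoformat(e["ts"])) for e in events]
    parsed.sort(key=lambda e: e["when"])

    # Group browser-targeting taskkill invocations by the parent that issued them.
    kills_by_parent = defaultdict(list)
    for e in parsed:
        if e["image"].lower() == "taskkill.exe":
            target = browser_target(e["cmdline"])
            if target:
                kills_by_parent[e["ppid"]].append((e["when"], target))

    window = timedelta(seconds=window_seconds)
    alerts = []
    for ppid, kills in kills_by_parent.items():
        targets = sorted({t for _, t in kills})
        if len(targets) < min_kills:
            continue                      # a single kill is ordinary admin activity
        start = kills[0][0]
        # Any browser start shortly after the kill burst counts, whoever launched it;
        # the report's graph does not show Firefox as a child of the sample.
        relaunches = [e for e in parsed
                      if e["image"].lower() in BROWSERS and start <= e["when"] <= start + window]
        alerts.append({
            "parent_pid": ppid,
            "killed": targets,
            "relaunched": [(e["pid"], e["ppid"], e["cmdline"]) for e in relaunches],
            "self_relaunch": any(e["ppid"] == ppid for e in relaunches),
        })
    return alerts


if __name__ == "__main__":
    for a in detect_credential_flusher(SAMPLE_EVENTS):
        print(f"parent {a['parent_pid']} killed {a['killed']}; relaunch by killer: {a['self_relaunch']}")
```

The distinct-target threshold is what keeps this quiet in production: legitimate software occasionally kills one browser (updaters, installers), but a burst against several browser images followed by a browser start within a minute is rare outside this technique.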

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample
Source | Detection | Scanner | Label | Link
P0HV8mjHS1.exe | 47% | ReversingLabs | Win32.Trojan.Amadey |
P0HV8mjHS1.exe | 100% | Avira | TR/ATRAPS.Gen |
P0HV8mjHS1.exe | 100% | Joe Sandbox ML | |

Dropped Files
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |

Unpacked PE Files
No Antivirus matches

Domains
No Antivirus matches

URLs
Source | Detection | Scanner | Label | Link
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. | 0% | Avira URL Cloud | safe |
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | | high
star-mini.c10r.facebook.com | 157.240.195.35 | true | false | | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
twitter.com | 104.244.42.129 | true | false | | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
services.addons.mozilla.org | 151.101.65.91 | true | false | | high
dyna.wikimedia.org | 185.15.58.224 | true | false | | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
contile.services.mozilla.com | 34.117.188.166 | true | false | | high
youtube.com | 142.250.181.78 | true | false | | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
youtube-ui.l.google.com | 142.250.181.110 | true | false | | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
reddit.map.fastly.net | 151.101.129.140 | true | false | | high
ipv4only.arpa | 192.0.0.170 | true | false | | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
push.services.mozilla.com | 34.107.243.93 | true | false | | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
www.reddit.com | unknown | unknown | false | | high
spocs.getpocket.com | unknown | unknown | false | | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
support.mozilla.org | unknown | unknown | false | | high
firefox.settings.services.mozilla.com | unknown | unknown | false | | high
www.youtube.com | unknown | unknown | false | | high
www.facebook.com | unknown | unknown | false | | high
detectportal.firefox.com | unknown | unknown | false | | high
normandy.cdn.mozilla.net | unknown | unknown | false | | high
shavar.services.mozilla.com | unknown | unknown | false | | high
www.wikipedia.org | unknown | unknown | false | | high
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000013.00000003.1359637410.0000018DDD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://detectportal.firefox.com/ | firefox.exe, 00000013.00000003.1525220927.0000018DE2E5B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://datastudio.google.com/embed/reporting/ | firefox.exe, 00000013.00000003.1415173056.0000018DDAA6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497529142.0000018DE3947000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1535395562.0000018DE394B000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.mozilla.com0 | gmpopenh264.dll.tmp.19.dr | false | | high
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 00000013.00000003.1341715929.0000018DE195C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000016.00000002.3125975854.000002C2BB872000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E386000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33F8F000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://www.leboncoin.fr/ | firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://mozilla.o | firefox.exe, 00000013.00000003.1536546376.0000018DDA284000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://spocs.getpocket.com/spocs | firefox.exe, 00000013.00000003.1528501770.0000018DE1ADC000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://shavar.services.mozilla.com | firefox.exe, 00000013.00000003.1488808613.0000018DE2E9C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://completion.amazon.com/search/complete?q= | firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 00000013.00000003.1525724495.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497910031.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489412113.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://monitor.firefox.com/breach-details/ | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317312990.0000018DD9983000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369326048.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406577030.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1369624126.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1450729989.0000018DE2AF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1506967132.0000018DDC370000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1440547802.0000018DE2AF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.msn.com | firefox.exe, 00000013.00000003.1504876183.0000018DDC596000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mozilla-services/screenshots | firefox.exe, 00000013.00000003.1317055656.0000018DD9942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1317179704.0000018DD9963000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316738670.0000018DD9922000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1316603448.0000018DD9700000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://youtube.com/ | firefox.exe, 00000013.00000003.1506967132.0000018DDC3EF000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 00000013.00000003.1508116473.0000018DDBFF4000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK | firefox.exe, 00000013.00000003.1489892211.0000018DE2049000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.instagram.com/ | firefox.exe, 00000013.00000003.1404129979.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1403288307.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1406153508.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1407163182.0000018DDADE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1381386291.0000018DDADEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1380400087.0000018DDADDD000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://api.accounts.firefox.com/v1 | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://www.amazon.com/ | firefox.exe, 00000013.00000003.1353999201.0000018DDAB65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500142775.0000018DE1F46000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc | firefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B98000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://www.youtube.com/ | firefox.exe, 00000013.00000003.1359427118.0000018DE1B5F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1359637410.0000018DDD2E8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E303000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33F0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.bbc.co.uk/firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://youtube.com/account?=htJfirefox.exe, 00000016.00000002.3125485416.000002C2BB790000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 00000013.00000003.1494441573.0000018DE559C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1479861182.0000018DE5599000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000013.00000003.1359637410.0000018DDD2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503805079.0000018DDD44B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33FC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://127.0.0.1:firefox.exe, 00000013.00000003.1506967132.0000018DDC34B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000013.00000003.1478727622.0000018DDAD54000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://bugzilla.mofirefox.exe, 00000013.00000003.1487785269.0000018DE5532000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://mitmdetection.services.mozilla.com/firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000013.00000003.1525724495.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1497910031.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489412113.0000018DE29AA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.19.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 00000016.00000002.3125975854.000002C2BB8CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E3E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3128014882.000002AB34203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.19.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000013.00000003.1500779897.0000018DE1B98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://spocs.getpocket.com/firefox.exe, 00000013.00000003.1528501770.0000018DE1ADC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000018.00000002.3125103814.000002393E312000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001A.00000002.3125163640.000002AB33F13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.iqiyi.com/firefox.exe, 00000013.00000003.1351807929.0000018DE1F1A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.19.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://spocs.getpocket.com/CN=Thefirefox.exe, 0000001A.00000002.3125163640.000002AB33F13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 00000013.00000003.1503563974.0000018DDD4EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://monitor.firefox.com/aboutfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://mozilla.org/MPL/2.0/.firefox.exe, 00000013.00000003.1430723886.0000018DD9CEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1416938851.0000018DDAD9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1358964983.0000018DE1B8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1408832840.0000018DE2AB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1408544720.0000018DDA9C3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1529384321.0000018DD9905000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1380507811.0000018DE2594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1478727622.0000018DDAD54000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1328210062.0000018DDA9EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1382442585.0000018DDAD3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1446221375.0000018DDAD7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1504876183.0000018DDC5F5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1449557435.0000018DDAD4F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1468772435.0000018DE19AC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1434864285.0000018DE19A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1410109938.0000018DE2A51000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1472983704.0000018DDAD41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000013.00000003.1416938851.0000018DDAD7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1421175893.0000018DDA29C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1474608758.0000018DDA9DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1531600077.0000018DDAD3C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://account.bellmedia.cfirefox.exe, 00000013.00000003.1504876183.0000018DDC596000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://login.microsoftonline.comfirefox.exe, 00000013.00000003.1504876183.0000018DDC596000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://coverage.mozilla.orgfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.19.drfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://www.zhihu.com/firefox.exe, 00000013.00000003.1359637410.0000018DDD2E3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1503986228.0000018DDD2E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000013.00000003.1466889865.0000018DE195B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://blocked.cdn.mozilla.net/firefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredfirefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000013.00000003.1356678298.0000018DE2065000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1489892211.0000018DE206F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1527019800.0000018DE206F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            http://developer.mozilla.org/en/docs/DOM:element.addEventListenerfirefox.exe, 00000013.00000003.1528061278.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000003.1500779897.0000018DE1B7A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://profiler.firefox.comfirefox.exe, 00000016.00000002.3125225724.000002C2BB700000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000018.00000002.3124415318.000002393E280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001A.00000002.3124608415.000002AB33DA0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 151.101.65.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false |
| 34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
| 35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| 142.250.181.78 | youtube.com | United States | 15169 | GOOGLEUS | false |
| 35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false |
| 34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false |
| 34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
| IP |
|---|
| 127.0.0.1 |
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575788
Start date and time: 2024-12-16 10:32:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 4s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
                                                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                        Sample name:P0HV8mjHS1.exe
                                                                                                                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                                                                                                                        Original Sample Name:1d201eba6524ce8727dadf2031fc2b4a.exe
                                                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                                                        Classification:mal80.troj.evad.winEXE@34/38@70/12
                                                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                                                        • Successful, ratio: 50%
                                                                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                                                                        • Successful, ratio: 96%
                                                                                                                                                                                                                                                                        • Number of executed functions: 51
                                                                                                                                                                                                                                                                        • Number of non-executed functions: 287
                                                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                                                                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 35.85.93.176, 54.213.181.160, 44.228.225.150, 172.217.17.46, 88.221.134.209, 88.221.134.155, 172.217.17.74, 142.250.181.138, 13.107.246.63, 23.218.208.109, 172.202.163.200
                                                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, time.windows.com, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
                                                                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                        • VT rate limit hit for: P0HV8mjHS1.exe
                                                                                                                                                                                                                                                                        No simulations
IP matches in other analyses

Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | mdPov8VTwi.exe | malicious | Credential Flusher
34.117.188.166 | mdPov8VTwi.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.117.188.166 | nmy4mJXEaz.exe | malicious | Credential Flusher
34.117.188.166 | 6eftz6UKDm.exe | malicious | Credential Flusher
34.117.188.166 | nmy4mJXEaz.exe | malicious | Credential Flusher
34.117.188.166 | 6eftz6UKDm.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.149.100.209 | mdPov8VTwi.exe | malicious | Credential Flusher
34.149.100.209 | mdPov8VTwi.exe | malicious | Credential Flusher
34.149.100.209 | nmy4mJXEaz.exe | malicious | Credential Flusher
34.149.100.209 | 6eftz6UKDm.exe | malicious | Credential Flusher
34.149.100.209 | nmy4mJXEaz.exe | malicious | Credential Flusher
34.149.100.209 | 6eftz6UKDm.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
34.149.100.209 | file.exe | malicious | Credential Flusher
151.101.65.91 | mdPov8VTwi.exe | malicious | Credential Flusher
151.101.65.91 | 6eftz6UKDm.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
151.101.65.91 | Pl8Tb06C8A.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
151.101.65.91 | file.exe | malicious | Credential Flusher
Domain matches in other analyses

Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | mdPov8VTwi.exe | malicious | Credential Flusher | 93.184.215.14
example.org | mdPov8VTwi.exe | malicious | Credential Flusher | 93.184.215.14
example.org | file.exe | malicious | Amadey, LummaC Stealer, Vidar, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 93.184.215.14
example.org | nmy4mJXEaz.exe | malicious | Credential Flusher | 93.184.215.14
example.org | 6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14
example.org | nmy4mJXEaz.exe | malicious | Credential Flusher | 93.184.215.14
example.org | 6eftz6UKDm.exe | malicious | Credential Flusher | 93.184.215.14
star-mini.c10r.facebook.com | mdPov8VTwi.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | mdPov8VTwi.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baa | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | https://fsharetv.co/ | malicious | Unknown | 157.240.195.35
star-mini.c10r.facebook.com | nmy4mJXEaz.exe | malicious | Credential Flusher | 157.240.196.35
star-mini.c10r.facebook.com | 6eftz6UKDm.exe | malicious | Credential Flusher | 157.240.195.35
star-mini.c10r.facebook.com | nmy4mJXEaz.exe | malicious | Credential Flusher |
                                                                                                                                                                                                                                                                                                                                • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                GOOGLE-AS-APGoogleAsiaPacificPteLtdSGmdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.135.65
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 34.119.157.208
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                6eftz6UKDm.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                FASTLYUSmdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.1.91
                                                                                                                                                                                                                                                                                                                                https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                https://omnirayoprah.cfd/orzbqGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                https://zde.soundestlink.com/ce/c/675fab7ba82aca38b8d991e6/675fabf585cd17d1e3e2bb78/675fac13057112d43b540576?signature=da009f44f7cd45aeae4fbb5addf15ac91fbf725bb5e9405183f25bf1db8c8baaGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.2.137
                                                                                                                                                                                                                                                                                                                                https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-7DW79067WM944534C%2FU-3RN06382B68072443%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=mv2NVEuUR9VvkcyUJ89EG.tzUFO5CbJFQUTSWg&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-7DW79067WM944534C%2FU-3RN06382B68072443%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3Dmv2NVEuUR9VvkcyUJ89EG.tzUFO5CbJFQUTSWg%22%7D%7D&flowContextData=3VhkG6GfeMFpPs0RyY94VfaPuu2gnDuZkT0vO2-Owy5Q0TLELhHoBl0C3rYOuScB-P1puLFiHoe8q1yHNkorMrsQ-kVAt54br43PgY3iTrhwRm0aS_TYpgjIbliH5dfDJJr3q03bJkAa9vLd7Cr3oAjCQ5rfmoQCALWFn-qszHw7Rd_aj20-SECud0ZSxh-oKENUYjnmdRqAckr48r-ddvc-Vgo4zQnu7JkI5YB_1CxdutYkC-X7iD96T-7aDJhAmyxkfGKQ53prsK5Kys2hLiVrkCjSURM1RSmWzlwznlByQzHhv1R0VrGdaW03mCZt_U0pKOeWAwiNac8f&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=16a0a3c3-b960-11ef-862e-f3094488c6dd&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=16a0a3c3-b960-11ef-862e-f3094488c6dd&calc=f53338153f55e&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.295.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signinGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.193.21
                                                                                                                                                                                                                                                                                                                                http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                https://fsharetv.co/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 151.101.65.16
                                                                                                                                                                                                                                                                                                                                IGz.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                • 167.83.97.28
                                                                                                                                                                                                                                                                                                                                ATGS-MMD-ASUSmdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                1.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 192.56.124.79
                                                                                                                                                                                                                                                                                                                                arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 56.55.47.44
                                                                                                                                                                                                                                                                                                                                arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 32.250.10.46
                                                                                                                                                                                                                                                                                                                                sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 51.237.32.223
                                                                                                                                                                                                                                                                                                                                ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 48.169.33.91
                                                                                                                                                                                                                                                                                                                                mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 33.210.242.0
                                                                                                                                                                                                                                                                                                                                arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                • 51.230.252.202
                                                                                                                                                                                                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                fb0aa01abe9d8e4037eb3473ca6e2dcamdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                • 35.244.181.201
                                                                                                                                                                                                                                                                                                                                • 34.149.100.209
                                                                                                                                                                                                                                                                                                                                • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                • 151.101.65.91
                                                                                                                                                                                                                                                                                                                                • 34.120.208.123
                                                                                                                                                                                                                                                                                                                                file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
nmy4mJXEaz.exe | malicious | Credential Flusher
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
6eftz6UKDm.exe | malicious | Credential Flusher
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
nmy4mJXEaz.exe | malicious | Credential Flusher
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
6eftz6UKDm.exe | malicious | Credential Flusher
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 151.101.65.91
• 34.120.208.123
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | mdPov8VTwi.exe | malicious | Credential Flusher |
 | mdPov8VTwi.exe | malicious | Credential Flusher |
 | nmy4mJXEaz.exe | malicious | Credential Flusher |
 | 6eftz6UKDm.exe | malicious | Credential Flusher |
 | nmy4mJXEaz.exe | malicious | Credential Flusher |
 | 6eftz6UKDm.exe | malicious | Credential Flusher |
 | file.exe | malicious | Credential Flusher |
 | file.exe | malicious | Credential Flusher |
 | file.exe | malicious | Credential Flusher |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | mdPov8VTwi.exe | malicious | Credential Flusher |
 | mdPov8VTwi.exe | malicious | Credential Flusher |
 | nmy4mJXEaz.exe | malicious | Credential Flusher |
 | 6eftz6UKDm.exe | malicious | Credential Flusher |
 | nmy4mJXEaz.exe | malicious | Credential Flusher |
 | 6eftz6UKDm.exe | malicious | Credential Flusher |
 | file.exe | malicious | Credential Flusher |
 | file.exe | malicious | Credential Flusher |
 | file.exe | malicious | Credential Flusher |
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):7957
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1798168457635105
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:UMvMXq0fcbhbVbTbfbRbObtbyEl7nYrqJA6unSrDtTkd/S9PS:UFTcNhnzFSJ4r51nSrDhkd/cPS
                                                                                                                                                                                                                                                                                                                                                                    MD5:3443C8281E87AED5F3948F75F3EED3CB
                                                                                                                                                                                                                                                                                                                                                                    SHA1:2EAB7E222E782CBD5D0739DAAD67057FA6185F98
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C1A0FBD280D04B4553E83645B3CCEDFB8EF01BFA2E0C481ADBEA4CD610EDF10A
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:2DD4503A91CF977FE88D409841C4167AEC0A8EE809D9524F74F4D83E94F93F3C67237C8EE980AB1189D88E9C459AD44CE7F19859FACC32B2884EDA6B6FDB279A
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"type":"uninstall","id":"f66a708d-80ab-4550-9990-99cb748da460","creationDate":"2024-12-16T10:45:38.643Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):7957
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.1798168457635105
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:UMvMXq0fcbhbVbTbfbRbObtbyEl7nYrqJA6unSrDtTkd/S9PS:UFTcNhnzFSJ4r51nSrDhkd/cPS
                                                                                                                                                                                                                                                                                                                                                                    MD5:3443C8281E87AED5F3948F75F3EED3CB
                                                                                                                                                                                                                                                                                                                                                                    SHA1:2EAB7E222E782CBD5D0739DAAD67057FA6185F98
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:C1A0FBD280D04B4553E83645B3CCEDFB8EF01BFA2E0C481ADBEA4CD610EDF10A
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:2DD4503A91CF977FE88D409841C4167AEC0A8EE809D9524F74F4D83E94F93F3C67237C8EE980AB1189D88E9C459AD44CE7F19859FACC32B2884EDA6B6FDB279A
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"type":"uninstall","id":"f66a708d-80ab-4550-9990-99cb748da460","creationDate":"2024-12-16T10:45:38.643Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3150214574158507
Encrypted:false
SSDEEP:24:VDdf7hAu9TIUx2dWoM15JzLN8zmYDdf7hAu9swM+bpoqdWoM15JzLFX1RgmiDdfB:NdOBUgdwuzTdOX6BdwChdOXadww1
MD5:C3A901753387104E8D876E9F7E184BFF
SHA1:69C5CCDA5D24BC9B31A0EF94C93760431E06176A
SHA-256:54153770142E85E1BB643DF5AA67771FA0FE49B3515700C9E39017B928D3F48C
SHA-512:D3F7B8F9CE3C626ECD3AB2FF789807A014B6BFDAE50CE3F6D7284D0ACCD0799C0F53639D4029077B7D8A6B745D11D01529DF86DCFB1503AAB1EE67363CA84170
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3150214574158507
Encrypted:false
SSDEEP:24:VDdf7hAu9TIUx2dWoM15JzLN8zmYDdf7hAu9swM+bpoqdWoM15JzLFX1RgmiDdfB:NdOBUgdwuzTdOX6BdwChdOXadww1
MD5:C3A901753387104E8D876E9F7E184BFF
SHA1:69C5CCDA5D24BC9B31A0EF94C93760431E06176A
SHA-256:54153770142E85E1BB643DF5AA67771FA0FE49B3515700C9E39017B928D3F48C
SHA-512:D3F7B8F9CE3C626ECD3AB2FF789807A014B6BFDAE50CE3F6D7284D0ACCD0799C0F53639D4029077B7D8A6B745D11D01529DF86DCFB1503AAB1EE67363CA84170
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:modified
Size (bytes):5488
Entropy (8bit):3.3150214574158507
Encrypted:false
SSDEEP:24:VDdf7hAu9TIUx2dWoM15JzLN8zmYDdf7hAu9swM+bpoqdWoM15JzLFX1RgmiDdfB:NdOBUgdwuzTdOX6BdwChdOXadww1
MD5:C3A901753387104E8D876E9F7E184BFF
SHA1:69C5CCDA5D24BC9B31A0EF94C93760431E06176A
SHA-256:54153770142E85E1BB643DF5AA67771FA0FE49B3515700C9E39017B928D3F48C
SHA-512:D3F7B8F9CE3C626ECD3AB2FF789807A014B6BFDAE50CE3F6D7284D0ACCD0799C0F53639D4029077B7D8A6B745D11D01529DF86DCFB1503AAB1EE67363CA84170
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):5488
Entropy (8bit):3.3150214574158507
Encrypted:false
SSDEEP:24:VDdf7hAu9TIUx2dWoM15JzLN8zmYDdf7hAu9swM+bpoqdWoM15JzLFX1RgmiDdfB:NdOBUgdwuzTdOX6BdwChdOXadww1
MD5:C3A901753387104E8D876E9F7E184BFF
SHA1:69C5CCDA5D24BC9B31A0EF94C93760431E06176A
SHA-256:54153770142E85E1BB643DF5AA67771FA0FE49B3515700C9E39017B928D3F48C
SHA-512:D3F7B8F9CE3C626ECD3AB2FF789807A014B6BFDAE50CE3F6D7284D0ACCD0799C0F53639D4029077B7D8A6B745D11D01529DF86DCFB1503AAB1EE67363CA84170
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4514
Entropy (8bit):4.944047270084879
Encrypted:false
SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBL1G8P:8S+Oc+UAOdwiOdKeQjDL1G8P
MD5:638757459BED9809057FF1A8D2F5C96F
SHA1:CC07D07FEFF2BD9A5BB6B0F52CD6E3301AE904FF
SHA-256:2799A56E577F1D4C8E0B21A3FCD85BE45961A909467F64ECB930D2FB0B2A6BF4
SHA-512:C28CE6CFC41349C3A1D56C9F145A83207AAC080E49F9BF3FFE781103344C0ADA8E8AB9C90CBBDF69A15A03AECF04203C174D48B7D3E9099E1093676ECB0A3F40
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 23432 bytes
Category:dropped
Size (bytes):5318
Entropy (8bit):6.62067557672702
Encrypted:false
SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
MD5:A0DD0256A122A64D1C1A98C36F89F368
SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                    MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                    SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                    MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                    SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                    MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                    SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.186376962556299
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
                                                                                                                                                                                                                                                                                                                                                                    MD5:C2A8F76D683C9F86054CA7775732A180
                                                                                                                                                                                                                                                                                                                                                                    SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.186376962556299
Encrypted:false
SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
MD5:C2A8F76D683C9F86054CA7775732A180
SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: mdPov8VTwi.exe, Detection: malicious
• Filename: mdPov8VTwi.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: mdPov8VTwi.exe, Detection: malicious
• Filename: mdPov8VTwi.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: nmy4mJXEaz.exe, Detection: malicious
• Filename: 6eftz6UKDm.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07333858257979299
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiHlll:DLhesh7Owd4+jiHl/
MD5:A10C681817FBAE233B86D279BC6BED24
SHA1:5B74DE109DFFC09E2A060FAC1377625147FF4465
SHA-256:48C1EF4EF1F0EB5B38D34622195CEC99EF54D716B04E5A0CC3A25DCE92E9E50E
SHA-512:518ABDC3DD10D3043B7B33A3BA57140482DC3CCA50634EF9564132224023D2AAF5973F0BDB7B57F1DF2D4BB3BB8F1D958598526E8F3665EAAC7BDF5BABC8C349
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.039423168139353294
Encrypted:false
SSDEEP:3:GHlhV4Woi8l8l5s/lHlhV4Woi8l8l5Tlwl8a9//Ylll4llqlyllel4lt:G7V4Hi8mo7V4Hi8mHlQL9XIwlio
MD5:B3CEE1098CFC86F9893D2C0412945BC3
SHA1:37867FED22BA149E7A41B65A62F944C297277818
SHA-256:B07CF6FD0F5F83415FA392ADEE35DAE33601F3E69E791CAB61DED40B5CA645A8
SHA-512:D59095672D50E35ABA78C203D2E212F0748F7BC654E1D7004499CA3DFB8987F97DDE4251B7C7FC644F47462ECED28EC6EB144F567DE79DE415E053CA25615C54
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):163992
Entropy (8bit):0.11461382261628242
Encrypted:false
SSDEEP:24:KjnztefkGOLxsZ+BWFexsMl+4UC0yWUCiYCCQE/5SKCwCfxsacQHATwlow0VZ2iC:yzkMGyQwWFmJxHWsYSHVccOvZk
MD5:367083ACFC252C976F2CCB3F7196AD3F
SHA1:7BBCFAA46EEE22DDEF3DECDEF9DC2597F3C514A4
SHA-256:E4DA4A4514D18E230DE7A405BA5F9380EC894CA32C456B14EABFBF8C148A63C5
SHA-512:6510D26FE984425E7859F0386568A24460346BD961BEC561D0218975F7EC8EC901F6B2B2D6365C81607B8FC1283BAE29B3F224A31D5EE9F88E67A9E9943C74DF
Malicious:false
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1769), with CRLF line terminators
Category:dropped
Size (bytes):13214
Entropy (8bit):5.478691856053735
Encrypted:false
SSDEEP:192:ltnSRkyYbBp6aNqUCaX06VrCNBfZ5RHNBw8dMnSl:yeBqUPFurPwx0
MD5:D114A520C4BA8AED326F1B70BFCE192F
SHA1:4A3E17C1B499A58456E21F8B8B3C8BC2C07E38A6
SHA-256:99432A8C6FCF083C80875D079418C8D024C5936CD109FE437DB9AD6334CFC7E5
SHA-512:F5DEDEA997520F7F16D8D780D5C62677DF2F8D1ABDC7E59EF15D79707CE044E642543EA1B407DBE13A8ABAC8BFCC66B4D6F1D736E21D841B799FAEEDB3E41E6C
Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734345908);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734345908);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734345908);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173434
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (1769), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):13214
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.478691856053735
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:192:ltnSRkyYbBp6aNqUCaX06VrCNBfZ5RHNBw8dMnSl:yeBqUPFurPwx0
                                                                                                                                                                                                                                                                                                                                                                    MD5:D114A520C4BA8AED326F1B70BFCE192F
                                                                                                                                                                                                                                                                                                                                                                    SHA1:4A3E17C1B499A58456E21F8B8B3C8BC2C07E38A6
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:99432A8C6FCF083C80875D079418C8D024C5936CD109FE437DB9AD6334CFC7E5
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:F5DEDEA997520F7F16D8D780D5C62677DF2F8D1ABDC7E59EF15D79707CE044E642543EA1B407DBE13A8ABAC8BFCC66B4D6F1D736E21D841B799FAEEDB3E41E6C
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734345908);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734345908);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734345908);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173434
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                    MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                    SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                    MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                    SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                                                                                    Size (bytes):1568
                                                                                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.330937158557164
                                                                                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24:v+USUGlcAxS7RLXnIgj/pnxQwRlszT5sKhiLr3eHVVPNZTjamhuj33OOcUb2mifj:GUpOxs1nR6q3etZTj4HedHd
                                                                                                                                                                                                                                                                                                                                                                    MD5:4524247396A8BDC6EC52540717707C3A
                                                                                                                                                                                                                                                                                                                                                                    SHA1:F98E8B044EF2420CC0A469F5A054A6D41543F5DB
                                                                                                                                                                                                                                                                                                                                                                    SHA-256:68F36E237F0C26F738BB4F4E7EB29A127E1FEBE36F4490BC5F35C4992C4146EE
                                                                                                                                                                                                                                                                                                                                                                    SHA-512:1F6D09FCAC3E57D932C8DD32545AC478FBFAB06EE8EBE44A028CC09E4FDF00334A26A37C6BE3B8099583B2CF1AB7B2956E878E6D6B2A17EB921469615E536FA1
                                                                                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                                                                                    Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{04abb457-f125-49d2-9cde-33d587561233}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734345912951,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..`878143...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..eexpiry....887988,"originA...
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):4096
Entropy (8bit):2.0836444556178684
Encrypted:false
SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
MD5:8B40B1534FF0F4B533AF767EB5639A05
SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.0371255844847225
Encrypted:false
SSDEEP:48:YrSAY0teUQZpExB1+anO8e6WCVhhOjVkWAYzzc8rYMsku7f86SLAVL7J5FtsfAct:yc0t+TEr5ZwoIhzzcHvbw6Kkdrc2Rn27
MD5:D86562CB2331A34853A853919BD85446
SHA1:24723C8300BEDE57E80EC77A2C20A74E8866CD44
SHA-256:67D3BBCD48BAF92187D96BE76F97F14692046C415E0AE0A4E7158A25347F5272
SHA-512:B3BDC189038F69BBFFC1FF7CDF3B0FA96F87D845649AEDCA54AB2F71C519A20D1F1A859C17ACD48F04C1615FAB6C7CD3D40F2DAD8AF96C83676F9D7C19554757
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-16T10:44:57.880Z","profileAgeCreated":1696491685971,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.703271648634464
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:P0HV8mjHS1.exe
                                                                                                                                                                                                                                                                                                                                                                    File size:970'752 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5:1d201eba6524ce8727dadf2031fc2b4a
                                                                                                                                                                                                                                                                                                                                                                    SHA1:dc6d2a38a1a9a1b8d934c565eaf027e0c7328980
                                                                                                                                                                                                                                                                                                                                                                    SHA256:1d010229450de58155efd24ab76f0d4fa00b7da73e48f93a5660d2a5a9714881
                                                                                                                                                                                                                                                                                                                                                                    SHA512:97db4a138f12ea31377017d7dabbbd60a3332fb631d9fe295c4e8ff8b455d270489896c9a085462e29063721b64f78aca40f4812ae41204b28c1aafef592a4a2
                                                                                                                                                                                                                                                                                                                                                                    SSDEEP:24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8a0hQ:yTvC/MTQYxsWR7a0
                                                                                                                                                                                                                                                                                                                                                                    TLSH:8425AE0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                                    Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                                    Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                                                                                    Time Stamp:0x675EF539 [Sun Dec 15 15:26:49 2024 UTC]
                                                                                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                                                                    OS Version Major:5
                                                                                                                                                                                                                                                                                                                                                                    OS Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                    File Version Major:5
                                                                                                                                                                                                                                                                                                                                                                    File Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Major:5
                                                                                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:1
                                                                                                                                                                                                                                                                                                                                                                    Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                                                                                                    call 00007F62587AF7D3h
                                                                                                                                                                                                                                                                                                                                                                    jmp 00007F62587AF0DFh
                                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    call 00007F62587AF2BDh
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                                    push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    call 00007F62587AF28Ah
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                    mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                    pop esi
                                                                                                                                                                                                                                                                                                                                                                    pop ebp
                                                                                                                                                                                                                                                                                                                                                                    retn 0004h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                    ret
                                                                                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                                                                                    mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                    lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                    mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                    push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F62587B1E7Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F62587B1EC8h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F62587B1EB1h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x16520 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x16520 | 0x16600 | 2add8f91be40f4c34d2499a56a6076e4 | False | 0.7037032995810056 | data | 7.176189251970027 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xd6a2 | data | | | 1.0004731918611
RT_GROUP_ICON | 0xe9fa0 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xea018 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xea02c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xea040 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xea054 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xea130 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
                                                                                                                                                                                                                                                                                                                                                                    PSAPI.DLLGetProcessMemoryInfo
                                                                                                                                                                                                                                                                                                                                                                    IPHLPAPI.DLLIcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
                                                                                                                                                                                                                                                                                                                                                                    USERENV.dllDestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
                                                                                                                                                                                                                                                                                                                                                                    UxTheme.dllIsThemeActive
                                                                                                                                                                                                                                                                                                                                                                    KERNEL32.dllDuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, 
SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
                                                                                                                                                                                                                                                                                                                                                                    USER32.dllGetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, 
CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
                                                                                                                                                                                                                                                                                                                                                                    GDI32.dllEndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
                                                                                                                                                                                                                                                                                                                                                                    COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                                    ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                                                                                                                                                                                                                                                                    SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                                                                                                                                                                                                                                                                    ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                                    OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
                                                                                                                                                                                                                                                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                                                                                                    EnglishGreat Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.428659916 CET4434970835.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.433043957 CET49708443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.537760019 CET804970934.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.537847996 CET4970980192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.617813110 CET4434971134.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.618287086 CET49711443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.640932083 CET4434971234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.640943050 CET4434971234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.641027927 CET49712443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.718063116 CET4434971335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.718158960 CET49713443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.770725965 CET44349707142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.771457911 CET44349707142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.777038097 CET44349706142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.777034998 CET49713443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.777113914 CET4434971335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.777757883 CET44349706142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.778050900 CET4434971335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.779342890 CET44349707142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.781193018 CET49711443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.781275988 CET4434971134.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.781723022 CET4434971134.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.783338070 CET44349706142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.784419060 CET49707443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.784487963 CET49706443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.786145926 CET49706443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.786149025 CET49711443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.786302090 CET49711443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.786335945 CET4434971134.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.799895048 CET49712443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.799932957 CET4434971234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.800069094 CET49712443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.800163984 CET4434971234.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.800750971 CET49713443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.800928116 CET4434971335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.800939083 CET49713443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.800949097 CET4434971335.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.801445961 CET49707443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.801461935 CET44349707142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.801503897 CET49707443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.801713943 CET44349707142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.804094076 CET49706443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.804094076 CET49706443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.804111004 CET44349706142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.804332018 CET44349706142.250.181.78192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.805762053 CET49712443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.805797100 CET49713443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.805840969 CET49707443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.807058096 CET49706443192.168.2.7142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.931241989 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.931339979 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.015909910 CET49717443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.015968084 CET4434971734.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.016937971 CET49717443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.018347025 CET49717443192.168.2.734.117.188.166
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.018376112 CET4434971734.117.188.166192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.026216984 CET49718443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.026262045 CET4434971834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.026407957 CET49718443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.026536942 CET49718443192.168.2.734.160.144.191
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.026552916 CET4434971834.160.144.191192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.051256895 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.051311016 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.051362038 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.051516056 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.053220987 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.821841955 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.821882963 CET4434975435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.822483063 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.822632074 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.822639942 CET4434975435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.825258017 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:19.657293081 CET4434975234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:19.657371044 CET49752443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:19.887936115 CET4434975334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:19.888300896 CET49753443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.045382023 CET4434975435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.045469046 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.189086914 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.189112902 CET4434975435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.189505100 CET4434975435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195121050 CET49752443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195148945 CET4434975234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195220947 CET49752443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195349932 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195396900 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195410013 CET4434975234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195533991 CET4434975435.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195553064 CET49753443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195553064 CET49753443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195584059 CET4434975334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195885897 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195904970 CET49752443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.195910931 CET49754443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.196346045 CET4434975334.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.197993994 CET49753443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.446854115 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.566631079 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.761446953 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.815383911 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.779901981 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.779933929 CET4434976534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.782159090 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.783802986 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.783816099 CET4434976534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.930846930 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.944756985 CET49766443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.944782972 CET4434976634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.949997902 CET49766443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.950263977 CET49766443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.950284958 CET4434976634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.960186958 CET49767443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.960241079 CET4434976734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.960777044 CET49767443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.961894035 CET49767443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.961909056 CET4434976734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:22.050548077 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:22.245019913 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:22.288567066 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:22.994601965 CET4434976534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:22.994693041 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.014259100 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.014295101 CET4434976534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.014374971 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.014554024 CET4434976534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.016597986 CET49768443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.016689062 CET4434976834.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.017137051 CET49765443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.017184019 CET49768443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.018567085 CET49768443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.018609047 CET4434976834.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.018968105 CET4971680192.168.2.734.107.221.82
Dec 16, 2024 10:33:23.021172047 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.021209002 CET | 443 | 49769 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.021550894 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.023139000 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.023170948 CET | 443 | 49769 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.138849020 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:23.168498993 CET | 443 | 49766 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.168601990 CET | 49766 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.171766043 CET | 49766 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.171772003 CET | 443 | 49766 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.172223091 CET | 443 | 49766 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.173432112 CET | 443 | 49767 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.173511982 CET | 49767 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.176229954 CET | 49766 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.176357985 CET | 49766 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.176419973 CET | 443 | 49766 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.177545071 CET | 49766 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.178400040 CET | 49767 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.178400040 CET | 49767 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.178411961 CET | 443 | 49767 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.178560972 CET | 443 | 49767 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.180068970 CET | 49767 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.333375931 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:23.376595974 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:23.771115065 CET | 49715 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:23.785701036 CET | 49775 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.785805941 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.785965919 CET | 49775 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.786114931 CET | 49775 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.786135912 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.789113998 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:23.790626049 CET | 49776 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.790663004 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.790760994 CET | 49776 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.790883064 CET | 49776 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:23.790894032 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:23.792169094 CET | 49777 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.792232037 CET | 443 | 49777 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.792305946 CET | 49778 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.792387962 CET | 49777 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.792407990 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.792462111 CET | 49777 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.792478085 CET | 443 | 49777 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.792969942 CET | 49778 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.793086052 CET | 49778 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:23.793111086 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:23.890789032 CET | 80 | 49715 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:23.908749104 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.085571051 CET | 80 | 49715 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.103473902 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.141148090 CET | 49715 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:24.156827927 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:24.230518103 CET | 443 | 49768 | 34.107.243.93 | 192.168.2.7
Dec 16, 2024 10:33:24.230606079 CET | 49768 | 443 | 192.168.2.7 | 34.107.243.93
Dec 16, 2024 10:33:24.236676931 CET | 49768 | 443 | 192.168.2.7 | 34.107.243.93
Dec 16, 2024 10:33:24.236726999 CET | 443 | 49768 | 34.107.243.93 | 192.168.2.7
Dec 16, 2024 10:33:24.236762047 CET | 49768 | 443 | 192.168.2.7 | 34.107.243.93
Dec 16, 2024 10:33:24.236898899 CET | 443 | 49768 | 34.107.243.93 | 192.168.2.7
Dec 16, 2024 10:33:24.236962080 CET | 49768 | 443 | 192.168.2.7 | 34.107.243.93
Dec 16, 2024 10:33:24.240959883 CET | 443 | 49769 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:24.241038084 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:24.245204926 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:24.245218039 CET | 443 | 49769 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:24.245279074 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:24.245419025 CET | 443 | 49769 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:24.247081995 CET | 49769 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:24.538948059 CET | 49715 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:24.541635990 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:24.658745050 CET | 80 | 49715 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.661420107 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.853437901 CET | 80 | 49715 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.856151104 CET | 80 | 49716 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:24.860179901 CET | 49715 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:24.896661997 CET | 49716 | 80 | 192.168.2.7 | 34.107.221.82
Dec 16, 2024 10:33:24.980001926 CET | 80 | 49715 | 34.107.221.82 | 192.168.2.7
Dec 16, 2024 10:33:25.002516985 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:25.002604008 CET | 49776 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:25.003921032 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:25.004017115 CET | 49775 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:25.006066084 CET | 49776 | 443 | 192.168.2.7 | 34.149.100.209
Dec 16, 2024 10:33:25.006074905 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:25.006329060 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.7
Dec 16, 2024 10:33:25.008960009 CET | 49775 | 443 | 192.168.2.7 | 34.120.208.123
Dec 16, 2024 10:33:25.008972883 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:25.009890079 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.7
Dec 16, 2024 10:33:25.010637999 CET | 443 | 49777 | 34.120.208.123 | 192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.010987043 CET49777443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.011250973 CET4434977834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.012521982 CET49778443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.013439894 CET49777443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.013453960 CET4434977734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.013698101 CET4434977734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.016398907 CET49778443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.016433001 CET4434977834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.016655922 CET4434977834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.018141985 CET49775443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.018179893 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.018301010 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.018347025 CET49775443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.018363953 CET4434977634.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.018636942 CET4434977534.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.022351027 CET49777443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.022424936 CET49777443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.022794008 CET49778443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.022814035 CET4434977734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.022855043 CET49778443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.023274899 CET4434977834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.024426937 CET49775443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.024451017 CET49777443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.024457932 CET49778443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.024491072 CET49776443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.025979042 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.028647900 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.028708935 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.030113935 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.030231953 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.030251026 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.036156893 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.036205053 CET4434978034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.036267042 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.037568092 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.037599087 CET4434978034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.145709991 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.174916983 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.228707075 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.345845938 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.349323988 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.398050070 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.469083071 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.663603067 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.714530945 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.239697933 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.239797115 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.243428946 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.243459940 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.243715048 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.246225119 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.246365070 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.246370077 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.246392012 CET4434977934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.246553898 CET49779443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.249077082 CET4434978034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.249209881 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.251327038 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.253859043 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.253884077 CET4434978034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.253947020 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.254053116 CET4434978034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.254167080 CET49780443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.257363081 CET49786443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.257411003 CET4434978634.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.257550955 CET49786443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.472381115 CET4434980234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.472795010 CET49803443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.477561951 CET49802443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.477761984 CET4434980234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.477818966 CET49802443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.477826118 CET4434980234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478229046 CET49807443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478281975 CET4434980734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478303909 CET49803443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478308916 CET4434980335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478380919 CET49803443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478545904 CET4434980335.190.72.216192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478630066 CET49807443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478873014 CET49807443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478885889 CET4434980734.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.478998899 CET49803443192.168.2.735.190.72.216
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.591231108 CET44349805151.101.65.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.591305017 CET49805443192.168.2.7151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.592037916 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.594219923 CET49805443192.168.2.7151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.594227076 CET44349805151.101.65.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.594552994 CET44349805151.101.65.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.597084999 CET49805443192.168.2.7151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.597207069 CET49805443192.168.2.7151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.597322941 CET44349805151.101.65.91192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.601593018 CET49805443192.168.2.7151.101.65.91
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.607980967 CET49808443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.608019114 CET4434980835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.608369112 CET49808443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.608530045 CET49808443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.608541012 CET4434980835.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.610104084 CET49809443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.610141039 CET4434980935.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.610747099 CET49809443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.610889912 CET49809443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.610904932 CET4434980935.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.612735987 CET49810443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.612751007 CET4434981035.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.613409996 CET49810443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.613594055 CET49810443192.168.2.735.244.181.201
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.613603115 CET4434981035.244.181.201192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.687334061 CET4434980234.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.687410116 CET49802443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.766936064 CET4434980635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.767003059 CET49806443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.771418095 CET49806443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.771434069 CET4434980635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.771524906 CET49806443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.771581888 CET4434980635.201.103.21192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.771775961 CET49806443192.168.2.735.201.103.21
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.775604963 CET49811443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.775645971 CET4434981134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.775744915 CET49811443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.775863886 CET49811443192.168.2.734.149.100.209
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.775872946 CET4434981134.149.100.209192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.786483049 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.789562941 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.828141928 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.909293890 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.104093075 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.160247087 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.551983118 CET49817443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.552018881 CET4434981734.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.552352905 CET49817443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.553755999 CET49817443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.553781986 CET4434981734.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.248795033 CET49869443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.253058910 CET49869443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.253076077 CET4434986934.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.253171921 CET49869443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.253261089 CET4434986934.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.253393888 CET49869443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.255867958 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.375550032 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.570888042 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.574803114 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.613323927 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.694725990 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.889348030 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.945473909 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.766304970 CET49887443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.766376019 CET4434988734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.766602993 CET49888443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.766660929 CET4434988834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.766846895 CET49889443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.766938925 CET4434988934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.767077923 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.767087936 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.767338991 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.767362118 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.767618895 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.767667055 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768721104 CET49887443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768738985 CET49888443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768739939 CET49889443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768816948 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768819094 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768981934 CET49887443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769005060 CET4434988734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769151926 CET49888443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769167900 CET4434988834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769216061 CET49889443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769246101 CET4434988934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769274950 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769287109 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769340038 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769357920 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769830942 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769831896 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.769875050 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.981930971 CET4434988734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.982028961 CET49887443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.982038021 CET4434988834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.982110023 CET49888443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.982769966 CET4434989234.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.982837915 CET49892443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.983927011 CET4434988934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.983947992 CET4434989034.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.983994007 CET49889443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.984163046 CET49890443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.984952927 CET4434989134.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.985280037 CET49891443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.985593081 CET49887443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.985619068 CET4434988734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.985888004 CET4434988734.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.988017082 CET49888443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.988033056 CET4434988834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.988347054 CET4434988834.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.990257025 CET49889443192.168.2.734.120.208.123
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.990267038 CET4434988934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.990495920 CET4434988934.120.208.123192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:03.992636919 CET49890443192.168.2.734.120.208.123
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 16, 2024 10:34:03.992644072 CET  443          49890      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:03.992850065 CET  443          49890      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:03.995014906 CET  49891        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:03.995019913 CET  443          49891      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:03.995387077 CET  443          49891      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:03.997517109 CET  49892        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:03.997534990 CET  443          49892      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:03.997735023 CET  443          49892      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.004415035 CET  49887        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.004635096 CET  443          49887      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.004796028 CET  49887        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.004879951 CET  49887        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.004913092 CET  443          49887      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.004968882 CET  49888        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.004976988 CET  49889        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.005132914 CET  443          49889      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.005207062 CET  443          49888      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.005330086 CET  49890        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.005481958 CET  443          49890      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.005743980 CET  49890        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.005753994 CET  443          49890      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.005801916 CET  49889        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.005808115 CET  443          49889      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.005856037 CET  49888        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.005861998 CET  443          49888      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.005927086 CET  49891        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.006105900 CET  49891        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.006128073 CET  443          49891      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.006644964 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.006676912 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.006680012 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.006706953 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.009249926 CET  49892        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.009350061 CET  49892        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.009799004 CET  443          49892      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.012613058 CET  49716        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:04.013041973 CET  49891        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.013103962 CET  49890        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.013175964 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.013206005 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.013228893 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.013236046 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.013319969 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.013324976 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.013443947 CET  49892        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.132368088 CET  80           49716      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:04.211325884 CET  443          49889      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.211328983 CET  443          49888      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:04.211468935 CET  49888        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.211477995 CET  49889        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:04.327450991 CET  80           49716      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:04.330410957 CET  49715        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:04.386020899 CET  49716        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:04.450385094 CET  80           49715      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:04.644721031 CET  80           49715      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:04.686947107 CET  49715        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:05.224761009 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.224776983 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.224877119 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.225184917 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.225377083 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.228219032 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.228230953 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.228481054 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.230561972 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.230576038 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.230834007 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.233479023 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.233614922 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.233625889 CET  443          49893      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.233807087 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.233938932 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.234221935 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.234231949 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.234400034 CET  49893        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.237557888 CET  49716        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:05.357397079 CET  80           49716      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:05.443336010 CET  443          49894      34.120.208.123   192.168.2.7
Dec 16, 2024 10:34:05.443382978 CET  49894        443        192.168.2.7      34.120.208.123
Dec 16, 2024 10:34:05.552059889 CET  80           49716      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:05.555536985 CET  49715        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:05.605263948 CET  49716        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:05.675410032 CET  80           49715      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:05.870044947 CET  80           49715      34.107.221.82    192.168.2.7
Dec 16, 2024 10:34:05.921926975 CET  49715        80         192.168.2.7      34.107.221.82
Dec 16, 2024 10:34:15.564855099 CET  49716        80         192.168.2.7      34.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:15.684633017 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:15.881463051 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:16.001616001 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:25.694843054 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:25.814582109 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:26.011297941 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:26.132196903 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:35.824937105 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:35.945693016 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:36.141402006 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:36.261368990 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.407182932 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.407238960 CET4434997634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.407727957 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.409265995 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.409291029 CET4434997634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.623786926 CET4434997634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.627170086 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.634233952 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.634254932 CET4434997634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.634356022 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.634480000 CET4434997634.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.634577990 CET49976443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.637022972 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.756748915 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.952579975 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:38.959330082 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:39.003257036 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:39.080630064 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:39.275441885 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:39.319741011 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:48.962024927 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:49.081981897 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:49.279509068 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:49.399365902 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:59.090462923 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:59.210283041 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:59.407073975 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:59.526911020 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:09.220189095 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:09.340033054 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:09.536649942 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:09.656316996 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:19.349361897 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:19.665843964 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:19.800323009 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:19.814579010 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:29.811475992 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:29.833688974 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:29.931469917 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:29.953632116 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:39.941668987 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:39.963984013 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:40.061578989 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:40.083997965 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:50.071152925 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:50.093282938 CET4971580192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:50.190984964 CET804971634.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:50.213051081 CET804971534.107.221.82192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.953295946 CET50032443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.953334093 CET4435003234.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:59.026423931 CET50032443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:59.028878927 CET50032443192.168.2.734.107.243.93
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:59.028898001 CET4435003234.107.243.93192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:36:00.201390982 CET4971680192.168.2.734.107.221.82
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:36:00.221607924 CET4971580192.168.2.734.107.221.82
Dec 16, 2024 10:36:00.527582884 CET  80     49716  34.107.221.82  192.168.2.7
Dec 16, 2024 10:36:00.527617931 CET  80     49715  34.107.221.82  192.168.2.7
Dec 16, 2024 10:36:00.532376051 CET  443    50032  34.107.243.93  192.168.2.7
Dec 16, 2024 10:36:00.532396078 CET  443    50032  34.107.243.93  192.168.2.7
Dec 16, 2024 10:36:00.532450914 CET  50032  443    192.168.2.7    34.107.243.93
Dec 16, 2024 10:36:00.538099051 CET  50032  443    192.168.2.7    34.107.243.93
Dec 16, 2024 10:36:00.538120985 CET  443    50032  34.107.243.93  192.168.2.7
Dec 16, 2024 10:36:00.538213015 CET  50032  443    192.168.2.7    34.107.243.93
Dec 16, 2024 10:36:00.538336039 CET  443    50032  34.107.243.93  192.168.2.7
Dec 16, 2024 10:36:00.541116953 CET  49716  80     192.168.2.7    34.107.221.82
Dec 16, 2024 10:36:00.541960955 CET  50032  443    192.168.2.7    34.107.243.93
Dec 16, 2024 10:36:00.660887957 CET  80     49716  34.107.221.82  192.168.2.7
Dec 16, 2024 10:36:00.855699062 CET  80     49716  34.107.221.82  192.168.2.7
Dec 16, 2024 10:36:00.860146999 CET  49715  80     192.168.2.7    34.107.221.82
Dec 16, 2024 10:36:00.910693884 CET  49716  80     192.168.2.7    34.107.221.82
Dec 16, 2024 10:36:00.979803085 CET  80     49715  34.107.221.82  192.168.2.7
Dec 16, 2024 10:36:01.174715996 CET  80     49715  34.107.221.82  192.168.2.7
Dec 16, 2024 10:36:01.233860970 CET  49715  80     192.168.2.7    34.107.221.82
Timestamp                            Source Port  Dest Port  Source IP    Dest IP
Dec 16, 2024 10:33:04.925337076 CET  56530        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:04.926816940 CET  56187        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.062493086 CET  53           56530      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.065794945 CET  51962        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.066371918 CET  50036        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.067076921 CET  49313        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.203197002 CET  53           51962      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.204598904 CET  53           49313      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.206011057 CET  53           50036      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.210017920 CET  57759        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.210078001 CET  61939        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.210278034 CET  61586        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.247347116 CET  62910        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.251367092 CET  50455        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.347388029 CET  53           61586      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.347402096 CET  53           61939      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.347923994 CET  53           57759      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.385057926 CET  53           62910      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.389293909 CET  62908        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.395685911 CET  53           50455      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.401046038 CET  60105        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.497164965 CET  62174        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.526854038 CET  53           62908      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.530119896 CET  63177        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.539189100 CET  53           60105      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.541594982 CET  62932        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.634157896 CET  53           62174      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.667954922 CET  53           63177      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.678719044 CET  53           62932      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:05.706228971 CET  53760        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:05.844160080 CET  53           53760      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:06.431473970 CET  61588        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:06.431837082 CET  58333        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:06.569412947 CET  53           61588      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:06.569431067 CET  53           58333      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:06.792494059 CET  58368        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:06.885910034 CET  55469        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:07.023344994 CET  53           55469      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:07.027637005 CET  54309        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:07.168672085 CET  53           54309      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:07.242130995 CET  59663        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:07.380701065 CET  53           59663      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:11.060832024 CET  52414        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:11.199543953 CET  53           52414      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:11.200589895 CET  59196        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:11.338614941 CET  53           59196      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:11.339601994 CET  64375        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:11.477019072 CET  53           64375      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:12.000350952 CET  60289        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:12.840773106 CET  53           53087      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:16.029843092 CET  49176        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:16.167783976 CET  53           49176      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:16.169749975 CET  63650        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:16.309710026 CET  53           63650      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:16.311822891 CET  52342        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:16.451365948 CET  53           52342      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:18.369373083 CET  54597        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:18.433978081 CET  52243        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:18.571588993 CET  53           52243      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:18.572556019 CET  58718        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:18.666559935 CET  53           54597      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:18.668055058 CET  63085        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:18.709557056 CET  53           58718      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:18.805248022 CET  53           63085      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:18.806528091 CET  51327        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:18.823455095 CET  56754        53         192.168.2.7  1.1.1.1
Dec 16, 2024 10:33:18.943706036 CET  53           51327      1.1.1.1      192.168.2.7
Dec 16, 2024 10:33:18.960458994 CET  53           56754      1.1.1.1      192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.017694950 CET5942353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.021461964 CET5051553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.156111002 CET53594231.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.159025908 CET53505151.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.235393047 CET5171553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.235485077 CET5829853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.235716105 CET6507153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET53517151.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373378038 CET53650711.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373526096 CET53582981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.374567986 CET5332853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.374567986 CET6007853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.374948978 CET6059753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.511847973 CET53533281.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.512203932 CET53605971.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.512993097 CET6187153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.513068914 CET53600781.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.513098001 CET5922853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.513570070 CET6552553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.650118113 CET53592281.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.650530100 CET53655251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.651488066 CET53618711.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.652894974 CET5668353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.653167963 CET6297553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.790245056 CET53566831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.790652990 CET53629751.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.791309118 CET5434753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.791933060 CET5585853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.928805113 CET53543471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.929415941 CET53558581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.929507971 CET6504953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.929939985 CET4955953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.067142010 CET53495591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.068295002 CET53650491.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.234427929 CET6124753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.235358000 CET6189053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.254678965 CET5575853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.372746944 CET53612471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.374025106 CET6347853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.465701103 CET53618901.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.466576099 CET6215153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.512667894 CET53634781.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.513726950 CET5092753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.547888994 CET53557581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.549082994 CET4956553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.603879929 CET53621511.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.653034925 CET53509271.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.757087946 CET53495651.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.758341074 CET5090353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:32.898869991 CET53509031.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.552244902 CET6297453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.694977045 CET53629741.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:56.030201912 CET6401053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:56.171653032 CET53640101.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.256206989 CET6326353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.768608093 CET6326953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:02.907087088 CET53632691.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.267527103 CET6428753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.405616045 CET53642871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.407663107 CET5500753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:37.544823885 CET53550071.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.651360989 CET5408153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.789120913 CET53540811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.790838957 CET6290153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.928699017 CET53629011.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:58.951129913 CET6468253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:59.088500023 CET53646821.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:36:00.541914940 CET5444053192.168.2.71.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 10:33:04.925337076 CET | 192.168.2.7 | 1.1.1.1 | 0x7c90 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:04.926816940 CET | 192.168.2.7 | 1.1.1.1 | 0xfb1d | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.065794945 CET | 192.168.2.7 | 1.1.1.1 | 0x8b0a | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.066371918 CET | 192.168.2.7 | 1.1.1.1 | 0x79cf | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.067076921 CET | 192.168.2.7 | 1.1.1.1 | 0xb23b | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.210017920 CET | 192.168.2.7 | 1.1.1.1 | 0xc8d7 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:05.210078001 CET | 192.168.2.7 | 1.1.1.1 | 0x3ea1 | Standard query (0) | youtube.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:05.210278034 CET | 192.168.2.7 | 1.1.1.1 | 0xec4 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:05.247347116 CET | 192.168.2.7 | 1.1.1.1 | 0x9c2f | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.251367092 CET | 192.168.2.7 | 1.1.1.1 | 0xef04 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.389293909 CET | 192.168.2.7 | 1.1.1.1 | 0x8d63 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.401046038 CET | 192.168.2.7 | 1.1.1.1 | 0x746a | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.497164965 CET | 192.168.2.7 | 1.1.1.1 | 0x895c | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:05.530119896 CET | 192.168.2.7 | 1.1.1.1 | 0xc7af | Standard query (0) | contile.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:05.541594982 CET | 192.168.2.7 | 1.1.1.1 | 0xf92b | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:05.706228971 CET | 192.168.2.7 | 1.1.1.1 | 0x45e6 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:06.431473970 CET | 192.168.2.7 | 1.1.1.1 | 0x5ccf | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:06.431837082 CET | 192.168.2.7 | 1.1.1.1 | 0xe21d | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:06.792494059 CET | 192.168.2.7 | 1.1.1.1 | 0x5563 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:06.885910034 CET | 192.168.2.7 | 1.1.1.1 | 0x9502 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:07.027637005 CET | 192.168.2.7 | 1.1.1.1 | 0x6e3e | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:07.242130995 CET | 192.168.2.7 | 1.1.1.1 | 0xbe1 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:11.060832024 CET | 192.168.2.7 | 1.1.1.1 | 0xc76f | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:11.200589895 CET | 192.168.2.7 | 1.1.1.1 | 0xbdbe | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:11.339601994 CET | 192.168.2.7 | 1.1.1.1 | 0x6dc2 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:12.000350952 CET | 192.168.2.7 | 1.1.1.1 | 0x22d2 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:16.029843092 CET | 192.168.2.7 | 1.1.1.1 | 0xe844 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:16.169749975 CET | 192.168.2.7 | 1.1.1.1 | 0x2106 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:16.311822891 CET | 192.168.2.7 | 1.1.1.1 | 0x9584 | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:18.369373083 CET | 192.168.2.7 | 1.1.1.1 | 0xbc89 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:18.433978081 CET | 192.168.2.7 | 1.1.1.1 | 0x8cd1 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:18.572556019 CET | 192.168.2.7 | 1.1.1.1 | 0xeeb2 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:18.668055058 CET | 192.168.2.7 | 1.1.1.1 | 0xcb34 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:18.806528091 CET | 192.168.2.7 | 1.1.1.1 | 0xda8c | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:18.823455095 CET | 192.168.2.7 | 1.1.1.1 | 0xac62 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:23.017694950 CET | 192.168.2.7 | 1.1.1.1 | 0x6d89 | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:23.021461964 CET | 192.168.2.7 | 1.1.1.1 | 0x94e1 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:24.235393047 CET | 192.168.2.7 | 1.1.1.1 | 0x43a1 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.235485077 CET | 192.168.2.7 | 1.1.1.1 | 0xfa32 | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.235716105 CET | 192.168.2.7 | 1.1.1.1 | 0x7a75 | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.374567986 CET | 192.168.2.7 | 1.1.1.1 | 0x8eb7 | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.374567986 CET | 192.168.2.7 | 1.1.1.1 | 0x50f3 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.374948978 CET | 192.168.2.7 | 1.1.1.1 | 0xacd5 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.512993097 CET | 192.168.2.7 | 1.1.1.1 | 0x9b37 | Standard query (0) | dyna.wikimedia.org | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:24.513098001 CET | 192.168.2.7 | 1.1.1.1 | 0x5a35 | Standard query (0) | star-mini.c10r.facebook.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:24.513570070 CET | 192.168.2.7 | 1.1.1.1 | 0xb634 | Standard query (0) | youtube-ui.l.google.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:24.652894974 CET | 192.168.2.7 | 1.1.1.1 | 0x9c6d | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.653167963 CET | 192.168.2.7 | 1.1.1.1 | 0x73aa | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.791309118 CET | 192.168.2.7 | 1.1.1.1 | 0x4ef1 | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.791933060 CET | 192.168.2.7 | 1.1.1.1 | 0x4f8c | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:24.929507971 CET | 192.168.2.7 | 1.1.1.1 | 0xf975 | Standard query (0) | reddit.map.fastly.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:24.929939985 CET | 192.168.2.7 | 1.1.1.1 | 0x1e5c | Standard query (0) | twitter.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:32.234427929 CET | 192.168.2.7 | 1.1.1.1 | 0x2eb7 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:32.235358000 CET | 192.168.2.7 | 1.1.1.1 | 0x7430 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:32.254678965 CET | 192.168.2.7 | 1.1.1.1 | 0x6592 | Standard query (0) | normandy.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:32.374025106 CET | 192.168.2.7 | 1.1.1.1 | 0x1a16 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:32.466576099 CET | 192.168.2.7 | 1.1.1.1 | 0x3f28 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:32.513726950 CET | 192.168.2.7 | 1.1.1.1 | 0xd479 | Standard query (0) | services.addons.mozilla.org | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:32.549082994 CET | 192.168.2.7 | 1.1.1.1 | 0x8754 | Standard query (0) | normandy-cdn.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:33:32.758341074 CET | 192.168.2.7 | 1.1.1.1 | 0x17b5 | Standard query (0) | normandy-cdn.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:34.552244902 CET | 192.168.2.7 | 1.1.1.1 | 0x6e7d | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:56.030201912 CET | 192.168.2.7 | 1.1.1.1 | 0xc97e | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:33:57.256206989 CET | 192.168.2.7 | 1.1.1.1 | 0xe7ce | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:34:02.768608093 CET | 192.168.2.7 | 1.1.1.1 | 0xb13a | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:34:37.267527103 CET | 192.168.2.7 | 1.1.1.1 | 0xcd32 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:34:37.407663107 CET | 192.168.2.7 | 1.1.1.1 | 0x7fcb | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:35:58.651360989 CET | 192.168.2.7 | 1.1.1.1 | 0x762d | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:35:58.790838957 CET | 192.168.2.7 | 1.1.1.1 | 0xe102 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 10:35:58.951129913 CET | 192.168.2.7 | 1.1.1.1 | 0x4f98 | Standard query (0) | push.services.mozilla.com | AAAA (28) | IN (0x0001) | false
Dec 16, 2024 10:36:00.541914940 CET | 192.168.2.7 | 1.1.1.1 | 0x901e | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.062493086 CET1.1.1.1192.168.2.70x7c90No error (0)youtube.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.063225031 CET1.1.1.1192.168.2.70x7130No error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.064162970 CET1.1.1.1192.168.2.70xfb1dNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.064162970 CET1.1.1.1192.168.2.70xfb1dNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.203197002 CET1.1.1.1192.168.2.70x8b0aNo error (0)youtube.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.204598904 CET1.1.1.1192.168.2.70xb23bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.206011057 CET1.1.1.1192.168.2.70x79cfNo error (0)prod.classify-client.prod.webservices.mozgcp.net35.190.72.216A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.347388029 CET1.1.1.1192.168.2.70xec4No error (0)prod.detectportal.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.347402096 CET1.1.1.1192.168.2.70x3ea1No error (0)youtube.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.385057926 CET1.1.1.1192.168.2.70x9c2fNo error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.395685911 CET1.1.1.1192.168.2.70xef04No error (0)spocs.getpocket.comprod.ads.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.395685911 CET1.1.1.1192.168.2.70xef04No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.477641106 CET1.1.1.1192.168.2.70xd43No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.477641106 CET1.1.1.1192.168.2.70xd43No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.526854038 CET1.1.1.1192.168.2.70x8d63No error (0)contile.services.mozilla.com34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.539189100 CET1.1.1.1192.168.2.70x746aNo error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:05.634157896 CET1.1.1.1192.168.2.70x895cNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.569412947 CET1.1.1.1192.168.2.70x5ccfNo error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.569431067 CET1.1.1.1192.168.2.70xe21dNo error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.569431067 CET1.1.1.1192.168.2.70xe21dNo error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.930010080 CET1.1.1.1192.168.2.70x5563No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:06.930010080 CET1.1.1.1192.168.2.70x5563No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.023344994 CET1.1.1.1192.168.2.70x9502No error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.023344994 CET1.1.1.1192.168.2.70x9502No error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.023344994 CET1.1.1.1192.168.2.70x9502No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.168672085 CET1.1.1.1192.168.2.70x6e3eNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.380701065 CET1.1.1.1192.168.2.70xbe1No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:11.199543953 CET1.1.1.1192.168.2.70xc76fNo error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:11.199543953 CET1.1.1.1192.168.2.70xc76fNo error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:11.199543953 CET1.1.1.1192.168.2.70xc76fNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:11.338614941 CET1.1.1.1192.168.2.70xbdbeNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:12.379465103 CET1.1.1.1192.168.2.70x22d2No error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:16.167783976 CET1.1.1.1192.168.2.70xe844No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:16.309710026 CET1.1.1.1192.168.2.70x2106No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.431567907 CET1.1.1.1192.168.2.70x1b1eNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.571588993 CET1.1.1.1192.168.2.70x8cd1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.666559935 CET1.1.1.1192.168.2.70xbc89No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.666559935 CET1.1.1.1192.168.2.70xbc89No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.772636890 CET1.1.1.1192.168.2.70x9e32No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.772636890 CET1.1.1.1192.168.2.70x9e32No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.805248022 CET1.1.1.1192.168.2.70xcb34No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:20.585279942 CET1.1.1.1192.168.2.70x51c6No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373260021 CET1.1.1.1192.168.2.70x43a1No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373378038 CET1.1.1.1192.168.2.70x7a75No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.373378038 CET1.1.1.1192.168.2.70x7a75No error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
• detectportal.firefox.com

Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.7  49709        34.107.221.82   80                7544  C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp                            Bytes transferred  Direction  Data
Dec 16, 2024 10:33:05.194669962 CET  303                OUT        GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Dec 16, 2024 10:33:06.282172918 CET  298                IN         HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67959
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49715 | 34.107.221.82 | 80 | 7544 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 10:33:07.051516056 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 10:33:08.136064053 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 11:58:44 GMT
  Age: 77663
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 10:33:11.434150934 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 10:33:11.748181105 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 11:58:44 GMT
  Age: 77667
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 10:33:12.095892906 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 10:33:12.410707951 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 11:58:44 GMT
  Age: 77668
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 16, 2024 10:33:16.471934080 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 16, 2024 10:33:16.882258892 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Sun, 15 Dec 2024 11:58:44 GMT
  Age: 77672
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.466886997 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:18.782316923 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77674
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:21.930846930 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:22.245019913 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77678
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:23.771115065 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.085571051 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77679
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.538948059 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.853437901 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 77680
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:33:24.860179901 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:33:25.174916983 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 77681
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:33:25.349323988 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:33:25.663603067 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 77681
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:33:26.572678089 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:33:26.887012959 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 77682
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:33:27.801177025 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:33:28.115730047 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
Age: 77683
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 16, 2024 10:33:29.028742075 CET  305  OUT  GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 16, 2024 10:33:29.346853971 CET  216  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77685
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:33.789562941 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:34.104093075 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77689
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:35.020168066 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:35.334482908 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77691
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:36.093183041 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:36.407694101 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77692
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:40.998302937 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
Dec 16, 2024 10:33:41.312585115 CET 216 IN HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 11:58:44 GMT
    Age: 77697
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 10:33:51.326159000 CET 6 OUT Data Raw: 00
    Data Ascii:
Dec 16, 2024 10:33:57.574803114 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 10:33:57.889348030 CET 216 IN HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 11:58:44 GMT
    Age: 77713
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 10:34:04.330410957 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 10:34:04.644721031 CET 216 IN HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 11:58:44 GMT
    Age: 77720
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 10:34:05.555536985 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 10:34:05.870044947 CET 216 IN HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 11:58:44 GMT
    Age: 77721
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 10:34:15.881463051 CET 6 OUT Data Raw: 00
    Data Ascii:
Dec 16, 2024 10:34:26.011297941 CET 6 OUT Data Raw: 00
    Data Ascii:
Dec 16, 2024 10:34:36.141402006 CET 6 OUT Data Raw: 00
    Data Ascii:
Dec 16, 2024 10:34:38.959330082 CET 305 OUT GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 16, 2024 10:34:39.275441885 CET 216 IN HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Sun, 15 Dec 2024 11:58:44 GMT
    Age: 77755
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 16, 2024 10:34:49.279509068 CET 6 OUT Data Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:59.407073975 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:09.536649942 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:19.665843964 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:29.833688974 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:35:39.963984013 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:36:00.860146999 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:36:01.174715996 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 11:58:44 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 77837
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: success


                                                                                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                    2192.168.2.74971634.107.221.82807544C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:07.053416014 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:08.138869047 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67960
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:11.715687990 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:12.030272961 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67964
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:16.060478926 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:16.375395060 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67969
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:17.943191051 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:18.258238077 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67971
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:20.446854115 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:20.761446953 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67973
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:23.018968105 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:23.333375931 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67976
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:23.789113998 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:24.103473902 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67976
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.541635990 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:24.856151104 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67977
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.025979042 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:25.345845938 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67978
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.251327038 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:26.566210985 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67979
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:27.483515024 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:27.797921896 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67980
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:28.709286928 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:29.023637056 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67981
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:33.472280979 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:33.786483049 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67986
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:34.701416016 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:35.016711950 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67987
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:33:35.775352955 CET 303 OUT GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:33:36.090109110 CET 298 IN HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 67988
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:40.679297924 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:40.993729115 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 67993
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:51.009643078 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.255867958 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:33:57.570888042 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 68010
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:04.012613058 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:04.327450991 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                                                                                    Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                    Date: Sun, 15 Dec 2024 14:40:27 GMT
                                                                                                                                                                                                                                                                                                                                                                    Age: 68017
                                                                                                                                                                                                                                                                                                                                                                    Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                    Dec 16, 2024 10:34:05.237557888 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                    Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                    Connection: keep-alive
Dec 16, 2024 10:34:05.552059889 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 68018
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:34:15.564855099 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:34:25.694843054 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:34:35.824937105 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:34:38.637022972 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:34:38.952579975 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 68051
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 16, 2024 10:34:48.962024927 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:34:59.090462923 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:35:09.220189095 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:35:19.349361897 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:35:29.811475992 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:35:39.941668987 CET  6  OUT  Data Raw: 00
Data Ascii:
Dec 16, 2024 10:36:00.541116953 CET  303  OUT  GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 16, 2024 10:36:00.855699062 CET  298  IN  HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Sun, 15 Dec 2024 14:40:27 GMT
Age: 68133
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Target ID: 0
Start time: 04:32:55
Start date: 16/12/2024
Path: C:\Users\user\Desktop\P0HV8mjHS1.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\P0HV8mjHS1.exe"
Imagebase: 0x690000
File size: 970'752 bytes
MD5 hash: 1D201EBA6524CE8727DADF2031FC2B4A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 04:32:56
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x7e0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:5
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:32:56
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:32:59
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7e0000
                                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:32:59
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:32:59
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7e0000
                                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:32:59
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

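The process records above show the sample forcibly terminating every common browser with `taskkill /F /IM <browser>.exe /T`, the whole burst landing within about three seconds (04:32:56 to 04:32:59). Each conhost.exe entry is only the console host that taskkill pulls in. A single taskkill against one browser is routine admin noise; several browsers force-killed by the same parent in a few seconds is not, and that is the signal worth alerting on. The following is an added detection example and not part of the Joe Sandbox report: it runs the burst logic over constructed process-creation events whose taskkill command lines are copied from the records above. The parent image path (the sample on the desktop), the pipe-delimited event format and the 10-second window are assumptions chosen for the illustration; the report section here does not show the parent process.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Sysmon-style process-creation events: UtcTime|ParentImage|Image|CommandLine.
# The taskkill command lines are those from the report; the parent path is assumed.
SAMPLE_EVENTS = r"""
2024-12-16 04:32:56|C:\Users\user\Desktop\P0HV8mjHS1.exe|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM firefox.exe /T
2024-12-16 04:32:56|C:\Windows\SysWOW64\taskkill.exe|C:\Windows\System32\conhost.exe|C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
2024-12-16 04:32:59|C:\Users\user\Desktop\P0HV8mjHS1.exe|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM chrome.exe /T
2024-12-16 04:32:59|C:\Users\user\Desktop\P0HV8mjHS1.exe|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM msedge.exe /T
2024-12-16 04:32:59|C:\Users\user\Desktop\P0HV8mjHS1.exe|C:\Windows\SysWOW64\taskkill.exe|taskkill /F /IM opera.exe /T
2024-12-16 04:40:10|C:\Windows\System32\cmd.exe|C:\Windows\System32\taskkill.exe|taskkill /F /IM notepad.exe
2024-12-16 04:41:00|C:\Windows\explorer.exe|C:\Windows\System32\taskkill.exe|taskkill /IM chrome.exe
"""

# Browser image names worth watching; extend for your estate.
BROWSER_IMAGES = {"chrome.exe", "firefox.exe", "msedge.exe", "opera.exe", "brave.exe", "iexplore.exe"}

# taskkill ... /IM <image>  (optional .exe suffix on taskkill, optional quotes around the image)
TASKKILL_RE = re.compile(r'taskkill(?:\.exe)?\b.*?/IM\s+"?([\w.-]+)"?', re.IGNORECASE)
# /F as a standalone switch (so /FI filter arguments do not count as a forced kill)
FORCE_RE = re.compile(r"(?:^|\s)/F(?:\s|$)", re.IGNORECASE)


def parse_events(text):
    """Parse the pipe-delimited sample events into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, parent, image, cmdline = line.split("|", 3)
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "parent": parent,
            "image": image,
            "cmdline": cmdline,
        })
    return events


def browser_killed(cmdline):
    """Return (browser_image, forced) if the command line kills a browser via taskkill, else None."""
    m = TASKKILL_RE.search(cmdline)
    if not m:
        return None
    target = m.group(1).lower()
    if target not in BROWSER_IMAGES:
        return None
    return (target, FORCE_RE.search(cmdline) is not None)


def detect_browser_kill_bursts(events, window=timedelta(seconds=10), min_browsers=2):
    """Alert when one parent force-kills at least `min_browsers` distinct browsers inside `window`."""
    by_parent = defaultdict(list)
    for ev in events:
        hit = browser_killed(ev["cmdline"])
        if hit and hit[1]:                      # only forced (/F) kills count toward the burst
            by_parent[ev["parent"]].append((ev["time"], hit[0]))

    alerts = []
    for parent, kills in by_parent.items():
        kills.sort()
        for i, (t0, _) in enumerate(kills):     # slide a window starting at each kill
            in_window = [name for t, name in kills[i:] if t - t0 <= window]
            distinct = sorted(set(in_window))
            if len(distinct) >= min_browsers:
                alerts.append({"parent": parent, "start": t0, "browsers": distinct})
                break                           # one alert per parent is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_browser_kill_bursts(parse_events(SAMPLE_EVENTS)):
        print(f"{alert['start']} {alert['parent']} force-killed {', '.join(alert['browsers'])}")
```

The benign lines (an administrator killing notepad.exe, and a non-forced `taskkill /IM chrome.exe` from explorer.exe) do not raise an alert; only the burst from the sample does. Requiring distinct browser names rather than a raw taskkill count keeps retry loops against one browser from tripping it, and keying on the parent image rather than on taskkill.exe itself means the rule also fires when the malware launches taskkill through cmd.exe, provided the parent field is then cmd.exe for the whole burst.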
Target ID: 13
Start time: 04:32:59
Start date: 16/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM opera.exe /T
Imagebase: 0x7e0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:32:59
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:33:00
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                    Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7e0000
                                                                                                                                                                                                                                                                                                                                                                    File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:33:00
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:17
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:33:00
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                                                                                    Target ID:18
                                                                                                                                                                                                                                                                                                                                                                    Start time:04:33:00
                                                                                                                                                                                                                                                                                                                                                                    Start date:16/12/2024
                                                                                                                                                                                                                                                                                                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff722870000
                                                                                                                                                                                                                                                                                                                                                                    File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:04:33:00
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase:0x7ff722870000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:04:33:01
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2276 -parentBuildID 20230927232528 -prefsHandle 2220 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3b9f6ce-a2db-4f66-b756-766fc2b83bc7} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18dc9c70d10 socket
Imagebase:0x7ff722870000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:04:33:03
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3324 -prefMapHandle 3440 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67dcf0b4-d1ae-4ec7-aa63-1c099a10ae19} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18ddbc29e10 rdd
Imagebase:0x7ff722870000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:26
Start time:04:33:17
Start date:16/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 33202 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b902751-ce7d-4cf8-9dfc-af4768130874} 7544 "\\.\pipe\gecko-crash-server-pipe.7544" 18de29d1d10 utility
Imagebase:0x7ff722870000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:2.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:6.1%
Total number of Nodes:1778
Total number of Limit Nodes:51
6beae8 95194 6b918d EnterCriticalSection 95182->95194 95183->95180 95183->95182 95184 6beac7 95193 6c27ec 26 API calls _strftime 95184->95193 95187 6beaf4 95195 6bec0a 62 API calls 2 library calls 95187->95195 95189 6beb08 95196 6beb27 LeaveCriticalSection __fread_nolock 95189->95196 95191 6bead2 __wsopen_s 95191->95178 95192->95184 95193->95191 95194->95187 95195->95189 95196->95191 95200 6be8e1 95197->95200 95199 695118 95199->95090 95201 6be8ed ___DestructExceptionObject 95200->95201 95202 6be92d 95201->95202 95203 6be900 ___scrt_fastfail 95201->95203 95204 6be925 __wsopen_s 95201->95204 95215 6b918d EnterCriticalSection 95202->95215 95213 6bf2d9 20 API calls _abort 95203->95213 95204->95199 95207 6be937 95216 6be6f8 38 API calls 4 library calls 95207->95216 95208 6be91a 95214 6c27ec 26 API calls _strftime 95208->95214 95210 6be94e 95217 6be96c LeaveCriticalSection __fread_nolock 95210->95217 95213->95208 95214->95204 95215->95207 95216->95210 95217->95204 95221 6be4e8 95218->95221 95220 70275d 95220->95092 95224 6be469 95221->95224 95223 6be505 95223->95220 95225 6be478 95224->95225 95226 6be48c 95224->95226 95232 6bf2d9 20 API calls _abort 95225->95232 95230 6be488 __alldvrm 95226->95230 95234 6c333f 11 API calls 2 library calls 95226->95234 95229 6be47d 95233 6c27ec 26 API calls _strftime 95229->95233 95230->95223 95232->95229 95233->95230 95234->95230 95236 702e7a 95235->95236 95237 6950f5 40 API calls 95236->95237 95238 702d3b 95236->95238 95239 7028fe 27 API calls 95236->95239 95240 69511f 64 API calls 95236->95240 95237->95236 95238->95002 95238->95019 95239->95236 95240->95236 95241->95019 95243 6be684 ___DestructExceptionObject 95242->95243 95244 6be6aa 95243->95244 95245 6be695 95243->95245 95254 6be6a5 __wsopen_s 95244->95254 95257 6b918d EnterCriticalSection 95244->95257 95255 6bf2d9 20 API calls _abort 95245->95255 95248 6be69a 95256 6c27ec 26 API calls _strftime 95248->95256 95250 6be6c6 95258 6be602 95250->95258 95252 6be6d1 95274 6be6ee 
LeaveCriticalSection __fread_nolock 95252->95274 95254->95049 95255->95248 95256->95254 95257->95250 95259 6be60f 95258->95259 95260 6be624 95258->95260 95275 6bf2d9 20 API calls _abort 95259->95275 95266 6be61f 95260->95266 95277 6bdc0b 95260->95277 95263 6be614 95276 6c27ec 26 API calls _strftime 95263->95276 95266->95252 95270 6be646 95294 6c862f 95270->95294 95273 6c29c8 _free 20 API calls 95273->95266 95274->95254 95275->95263 95276->95266 95278 6bdc1f 95277->95278 95279 6bdc23 95277->95279 95283 6c4d7a 95278->95283 95279->95278 95280 6bd955 __fread_nolock 26 API calls 95279->95280 95281 6bdc43 95280->95281 95309 6c59be 62 API calls 5 library calls 95281->95309 95284 6be640 95283->95284 95285 6c4d90 95283->95285 95287 6bd955 95284->95287 95285->95284 95286 6c29c8 _free 20 API calls 95285->95286 95286->95284 95288 6bd961 95287->95288 95289 6bd976 95287->95289 95310 6bf2d9 20 API calls _abort 95288->95310 95289->95270 95291 6bd966 95311 6c27ec 26 API calls _strftime 95291->95311 95293 6bd971 95293->95270 95295 6c863e 95294->95295 95296 6c8653 95294->95296 95312 6bf2c6 20 API calls _abort 95295->95312 95298 6c868e 95296->95298 95302 6c867a 95296->95302 95317 6bf2c6 20 API calls _abort 95298->95317 95299 6c8643 95313 6bf2d9 20 API calls _abort 95299->95313 95314 6c8607 95302->95314 95303 6c8693 95318 6bf2d9 20 API calls _abort 95303->95318 95306 6c869b 95319 6c27ec 26 API calls _strftime 95306->95319 95307 6be64c 95307->95266 95307->95273 95309->95278 95310->95291 95311->95293 95312->95299 95313->95307 95320 6c8585 95314->95320 95316 6c862b 95316->95307 95317->95303 95318->95306 95319->95307 95321 6c8591 ___DestructExceptionObject 95320->95321 95331 6c5147 EnterCriticalSection 95321->95331 95323 6c859f 95324 6c85c6 95323->95324 95325 6c85d1 95323->95325 95332 6c86ae 95324->95332 95347 6bf2d9 20 API calls _abort 95325->95347 95328 6c85cc 95348 6c85fb LeaveCriticalSection __wsopen_s 95328->95348 95330 6c85ee __wsopen_s 95330->95316 95331->95323 95349 6c53c4 
95332->95349 95334 6c86c4 95362 6c5333 21 API calls 3 library calls 95334->95362 95336 6c86be 95336->95334 95337 6c53c4 __wsopen_s 26 API calls 95336->95337 95345 6c86f6 95336->95345 95340 6c86ed 95337->95340 95338 6c53c4 __wsopen_s 26 API calls 95341 6c8702 CloseHandle 95338->95341 95339 6c871c 95346 6c873e 95339->95346 95363 6bf2a3 20 API calls 2 library calls 95339->95363 95342 6c53c4 __wsopen_s 26 API calls 95340->95342 95341->95334 95343 6c870e GetLastError 95341->95343 95342->95345 95343->95334 95345->95334 95345->95338 95346->95328 95347->95328 95348->95330 95350 6c53e6 95349->95350 95351 6c53d1 95349->95351 95356 6c540b 95350->95356 95366 6bf2c6 20 API calls _abort 95350->95366 95364 6bf2c6 20 API calls _abort 95351->95364 95353 6c53d6 95365 6bf2d9 20 API calls _abort 95353->95365 95356->95336 95357 6c5416 95367 6bf2d9 20 API calls _abort 95357->95367 95358 6c53de 95358->95336 95360 6c541e 95368 6c27ec 26 API calls _strftime 95360->95368 95362->95339 95363->95346 95364->95353 95365->95358 95366->95357 95367->95360 95368->95358 95369 69dee5 95372 69b710 95369->95372 95373 69b72b 95372->95373 95374 6e00f8 95373->95374 95375 6e0146 95373->95375 95401 69b750 95373->95401 95378 6e0102 95374->95378 95381 6e010f 95374->95381 95374->95401 95441 7158a2 348 API calls 2 library calls 95375->95441 95439 715d33 348 API calls 95378->95439 95398 69ba20 95381->95398 95440 7161d0 348 API calls 2 library calls 95381->95440 95384 6e03d9 95384->95384 95385 6ad336 40 API calls 95385->95401 95387 69bbe0 40 API calls 95387->95401 95390 69ba4e 95391 6e0322 95454 715c0c 82 API calls 95391->95454 95398->95390 95455 70359c 82 API calls __wsopen_s 95398->95455 95401->95385 95401->95387 95401->95390 95401->95391 95401->95398 95403 69ec40 95401->95403 95427 69a81b 95401->95427 95431 6ad2f0 40 API calls 95401->95431 95432 6aa01b 348 API calls 95401->95432 95433 6b0242 5 API calls __Init_thread_wait 95401->95433 95434 6aedcd 22 API calls 95401->95434 95435 6b00a3 29 API calls __onexit 
95401->95435 95436 6b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95401->95436 95437 6aee53 82 API calls 95401->95437 95438 6ae5ca 348 API calls 95401->95438 95442 69aceb 95401->95442 95452 6ef6bf 23 API calls 95401->95452 95453 69a8c7 22 API calls __fread_nolock 95401->95453 95421 69ec76 messages 95403->95421 95404 6b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 95404->95421 95406 69fef7 95420 69ed9d messages 95406->95420 95519 69a8c7 22 API calls __fread_nolock 95406->95519 95407 6afddb 22 API calls 95407->95421 95409 6e4600 95409->95420 95518 69a8c7 22 API calls __fread_nolock 95409->95518 95410 6e4b0b 95521 70359c 82 API calls __wsopen_s 95410->95521 95416 6b0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 95416->95421 95417 69a8c7 22 API calls 95417->95421 95418 69fbe3 95418->95420 95423 6e4bdc 95418->95423 95426 69f3ae messages 95418->95426 95419 69a961 22 API calls 95419->95421 95420->95401 95421->95404 95421->95406 95421->95407 95421->95409 95421->95410 95421->95416 95421->95417 95421->95418 95421->95419 95421->95420 95422 6b00a3 29 API calls pre_c_initialization 95421->95422 95425 6e4beb 95421->95425 95421->95426 95456 6a01e0 95421->95456 95517 6a06a0 41 API calls messages 95421->95517 95422->95421 95522 70359c 82 API calls __wsopen_s 95423->95522 95523 70359c 82 API calls __wsopen_s 95425->95523 95426->95420 95520 70359c 82 API calls __wsopen_s 95426->95520 95428 69a826 95427->95428 95429 69a855 95428->95429 95430 69a993 41 API calls 95428->95430 95429->95401 95430->95429 95431->95401 95432->95401 95433->95401 95434->95401 95435->95401 95436->95401 95437->95401 95438->95401 95439->95381 95440->95398 95441->95401 95443 69acf9 95442->95443 95451 69ad2a messages 95442->95451 95444 69ad55 95443->95444 95445 69ad01 messages 95443->95445 95444->95451 95982 69a8c7 22 API calls __fread_nolock 95444->95982 95447 6dfa48 95445->95447 95448 
69ad21 95445->95448 95445->95451 95447->95451 95983 6ace17 22 API calls messages 95447->95983 95449 6dfa3a VariantClear 95448->95449 95448->95451 95449->95451 95451->95401 95452->95401 95453->95401 95454->95398 95455->95384 95457 6a0206 95456->95457 95471 6a027e 95456->95471 95458 6e5411 95457->95458 95459 6a0213 95457->95459 95599 717b7e 348 API calls 2 library calls 95458->95599 95466 6e5435 95459->95466 95469 6a021d 95459->95469 95460 6e5405 95598 70359c 82 API calls __wsopen_s 95460->95598 95462 6e5466 95467 6e5493 95462->95467 95468 6e5471 95462->95468 95463 69ec40 348 API calls 95463->95471 95466->95462 95470 6e544d 95466->95470 95524 715689 95467->95524 95601 717b7e 348 API calls 2 library calls 95468->95601 95488 6a0230 messages 95469->95488 95662 69a8c7 22 API calls __fread_nolock 95469->95662 95600 70359c 82 API calls __wsopen_s 95470->95600 95471->95463 95475 6a0405 95471->95475 95477 6e51b9 95471->95477 95491 6a03f9 95471->95491 95499 6e51ce messages 95471->95499 95500 6a0344 95471->95500 95509 6a03b2 messages 95471->95509 95475->95421 95594 70359c 82 API calls __wsopen_s 95477->95594 95478 6e568a 95485 6e56c0 95478->95485 95687 717771 67 API calls 95478->95687 95481 6e5332 95481->95488 95597 69a8c7 22 API calls __fread_nolock 95481->95597 95484 6e5532 95602 701119 22 API calls 95484->95602 95487 69aceb 23 API calls 95485->95487 95514 6a0273 messages 95487->95514 95488->95478 95488->95514 95663 717632 54 API calls __wsopen_s 95488->95663 95489 6e5668 95664 697510 95489->95664 95491->95475 95593 70359c 82 API calls __wsopen_s 95491->95593 95493 6e569e 95497 697510 53 API calls 95493->95497 95496 6e54b9 95531 700acc 95496->95531 95508 6e56a6 _wcslen 95497->95508 95498 6e5544 95603 69a673 22 API calls 95498->95603 95499->95509 95499->95514 95595 70359c 82 API calls __wsopen_s 95499->95595 95500->95491 95592 6a04f0 22 API calls 95500->95592 95503 6a03a5 95503->95491 95503->95509 95505 6e554d 95513 700acc 22 API calls 95505->95513 95506 6e5670 _wcslen 
95506->95478 95510 69aceb 23 API calls 95506->95510 95508->95485 95512 69aceb 23 API calls 95508->95512 95509->95460 95509->95481 95509->95488 95509->95514 95596 6aa308 348 API calls 95509->95596 95510->95478 95512->95485 95515 6e5566 95513->95515 95514->95421 95604 69bf40 95515->95604 95517->95421 95518->95420 95519->95420 95520->95420 95521->95420 95522->95425 95523->95420 95525 7156a4 95524->95525 95530 6e549e 95524->95530 95526 6afe0b 22 API calls 95525->95526 95528 7156c6 95526->95528 95527 6afddb 22 API calls 95527->95528 95528->95527 95528->95530 95688 700a59 22 API calls 95528->95688 95530->95484 95530->95496 95532 700ada 95531->95532 95534 6e54e3 95531->95534 95533 6afddb 22 API calls 95532->95533 95532->95534 95533->95534 95535 6a1310 95534->95535 95536 6a17b0 95535->95536 95537 6a1376 95535->95537 95728 6b0242 5 API calls __Init_thread_wait 95536->95728 95539 6a1390 95537->95539 95540 6e6331 95537->95540 95689 6a1940 95539->95689 95732 71709c 348 API calls 95540->95732 95542 6a17ba 95546 6a17fb 95542->95546 95548 699cb3 22 API calls 95542->95548 95545 6e633d 95545->95488 95550 6e6346 95546->95550 95552 6a182c 95546->95552 95547 6a1940 9 API calls 95549 6a13b6 95547->95549 95556 6a17d4 95548->95556 95549->95546 95551 6a13ec 95549->95551 95733 70359c 82 API calls __wsopen_s 95550->95733 95551->95550 95575 6a1408 __fread_nolock 95551->95575 95553 69aceb 23 API calls 95552->95553 95555 6a1839 95553->95555 95730 6ad217 348 API calls 95555->95730 95729 6b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95556->95729 95559 6e636e 95734 70359c 82 API calls __wsopen_s 95559->95734 95560 6a152f 95562 6a153c 95560->95562 95563 6e63d1 95560->95563 95564 6a1940 9 API calls 95562->95564 95736 715745 54 API calls _wcslen 95563->95736 95566 6a1549 95564->95566 95569 6e64fa 95566->95569 95571 6a1940 9 API calls 95566->95571 95567 6afddb 22 API calls 95567->95575 95568 6afe0b 22 API calls 95568->95575 95579 6e6369 95569->95579 95738 70359c 82 API calls 
__wsopen_s 95569->95738 95570 6a1872 95731 6afaeb 23 API calls 95570->95731 95577 6a1563 95571->95577 95574 69ec40 348 API calls 95574->95575 95575->95555 95575->95559 95575->95560 95575->95567 95575->95568 95575->95574 95576 6e63b2 95575->95576 95575->95579 95735 70359c 82 API calls __wsopen_s 95576->95735 95577->95569 95582 6a15c7 messages 95577->95582 95737 69a8c7 22 API calls __fread_nolock 95577->95737 95579->95488 95581 6a1940 9 API calls 95581->95582 95582->95569 95582->95570 95582->95579 95582->95581 95584 6a167b messages 95582->95584 95699 71ab67 95582->95699 95702 71a2ea 95582->95702 95707 721591 95582->95707 95710 705c5a 95582->95710 95715 71abf7 95582->95715 95720 6af645 95582->95720 95583 6a171d 95583->95488 95584->95583 95727 6ace17 22 API calls messages 95584->95727 95592->95503 95593->95514 95594->95499 95595->95509 95596->95509 95597->95488 95598->95458 95599->95488 95600->95514 95601->95488 95602->95498 95603->95505 95908 69adf0 95604->95908 95606 69bf9d 95607 69bfa9 95606->95607 95608 6e04b6 95606->95608 95609 6e04c6 95607->95609 95610 69c01e 95607->95610 95926 70359c 82 API calls __wsopen_s 95608->95926 95927 70359c 82 API calls __wsopen_s 95609->95927 95913 69ac91 95610->95913 95614 69c7da 95618 6afe0b 22 API calls 95614->95618 95623 69c808 __fread_nolock 95618->95623 95620 6e04f5 95624 6e055a 95620->95624 95928 6ad217 348 API calls 95620->95928 95630 6afe0b 22 API calls 95623->95630 95645 69c603 95624->95645 95929 70359c 82 API calls __wsopen_s 95624->95929 95625 69ec40 348 API calls 95627 69c039 __fread_nolock messages 95625->95627 95626 69af8a 22 API calls 95626->95627 95627->95614 95627->95620 95627->95623 95627->95624 95627->95625 95627->95626 95628 6f7120 22 API calls 95627->95628 95629 6e091a 95627->95629 95633 69c237 95627->95633 95635 6e08a5 95627->95635 95638 6e0591 95627->95638 95640 6e08f6 95627->95640 95627->95645 95646 69aceb 23 API calls 95627->95646 95649 6afe0b 22 API calls 95627->95649 95652 6afddb 22 API calls 95627->95652 
95656 6e09bf 95627->95656 95658 69bbe0 40 API calls 95627->95658 95917 69ad81 95627->95917 95931 6f7099 22 API calls __fread_nolock 95627->95931 95932 715745 54 API calls _wcslen 95627->95932 95933 6aaa42 22 API calls messages 95627->95933 95934 6ff05c 40 API calls 95627->95934 95935 69a993 95627->95935 95628->95627 95953 703209 23 API calls 95629->95953 95634 69c350 __fread_nolock messages 95630->95634 95647 69c253 95633->95647 95954 69a8c7 22 API calls __fread_nolock 95633->95954 95661 69c3ac 95634->95661 95925 6ace17 22 API calls messages 95634->95925 95636 69ec40 348 API calls 95635->95636 95639 6e08cf 95636->95639 95930 70359c 82 API calls __wsopen_s 95638->95930 95643 69a81b 41 API calls 95639->95643 95639->95645 95952 70359c 82 API calls __wsopen_s 95640->95952 95643->95640 95645->95488 95646->95627 95650 6e0976 95647->95650 95654 69c297 messages 95647->95654 95649->95627 95653 69aceb 23 API calls 95650->95653 95652->95627 95653->95656 95655 69aceb 23 API calls 95654->95655 95654->95656 95657 69c335 95655->95657 95656->95645 95955 70359c 82 API calls __wsopen_s 95656->95955 95657->95656 95659 69c342 95657->95659 95658->95627 95924 69a704 22 API calls messages 95659->95924 95661->95488 95662->95488 95663->95489 95665 697525 95664->95665 95681 697522 95664->95681 95666 69755b 95665->95666 95667 69752d 95665->95667 95669 6d50f6 95666->95669 95672 69756d 95666->95672 95677 6d500f 95666->95677 95978 6b51c6 26 API calls 95667->95978 95981 6b5183 26 API calls 95669->95981 95670 69753d 95676 6afddb 22 API calls 95670->95676 95979 6afb21 51 API calls 95672->95979 95673 6d510e 95673->95673 95678 697547 95676->95678 95680 6afe0b 22 API calls 95677->95680 95686 6d5088 95677->95686 95679 699cb3 22 API calls 95678->95679 95679->95681 95682 6d5058 95680->95682 95681->95506 95683 6afddb 22 API calls 95682->95683 95684 6d507f 95683->95684 95685 699cb3 22 API calls 95684->95685 95685->95686 95980 6afb21 51 API calls 95686->95980 95687->95493 95688->95528 95690 6a1981 
95689->95690 95694 6a195d 95689->95694 95739 6b0242 5 API calls __Init_thread_wait 95690->95739 95693 6a198b 95693->95694 95740 6b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95693->95740 95698 6a13a0 95694->95698 95741 6b0242 5 API calls __Init_thread_wait 95694->95741 95695 6a8727 95695->95698 95742 6b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95695->95742 95698->95547 95743 71aff9 95699->95743 95703 697510 53 API calls 95702->95703 95704 71a306 95703->95704 95871 6fd4dc CreateToolhelp32Snapshot Process32FirstW 95704->95871 95706 71a315 95706->95582 95892 722ad8 95707->95892 95709 72159f 95709->95582 95711 697510 53 API calls 95710->95711 95712 705c6d 95711->95712 95903 6fdbbe lstrlenW 95712->95903 95714 705c77 95714->95582 95716 71aff9 217 API calls 95715->95716 95717 71ac0c 95716->95717 95718 71ac54 95717->95718 95719 69aceb 23 API calls 95717->95719 95718->95582 95719->95718 95721 69b567 39 API calls 95720->95721 95722 6af659 95721->95722 95723 6ef2dc Sleep 95722->95723 95724 6af661 timeGetTime 95722->95724 95725 69b567 39 API calls 95724->95725 95726 6af677 95725->95726 95726->95582 95727->95584 95728->95542 95729->95546 95730->95570 95731->95570 95732->95545 95733->95579 95734->95579 95735->95579 95736->95577 95737->95582 95738->95579 95739->95693 95740->95694 95741->95695 95742->95698 95744 71b01d ___scrt_fastfail 95743->95744 95745 71b094 95744->95745 95746 71b058 95744->95746 95750 69b567 39 API calls 95745->95750 95751 71b08b 95745->95751 95841 69b567 95746->95841 95748 71b063 95748->95751 95755 69b567 39 API calls 95748->95755 95749 71b0ed 95752 697510 53 API calls 95749->95752 95753 71b0a5 95750->95753 95751->95749 95756 69b567 39 API calls 95751->95756 95757 71b10b 95752->95757 95754 69b567 39 API calls 95753->95754 95754->95751 95759 71b078 95755->95759 95756->95749 95834 697620 95757->95834 95761 69b567 39 API calls 95759->95761 95760 71b115 95762 71b1d8 95760->95762 95763 71b11f 95760->95763 
95761->95751 95765 71b20a GetCurrentDirectoryW 95762->95765 95768 697510 53 API calls 95762->95768 95764 697510 53 API calls 95763->95764 95766 71b130 95764->95766 95767 6afe0b 22 API calls 95765->95767 95769 697620 22 API calls 95766->95769 95770 71b22f GetCurrentDirectoryW 95767->95770 95771 71b1ef 95768->95771 95772 71b13a 95769->95772 95773 71b23c 95770->95773 95774 697620 22 API calls 95771->95774 95775 697510 53 API calls 95772->95775 95778 71b275 95773->95778 95846 699c6e 22 API calls 95773->95846 95776 71b1f9 _wcslen 95774->95776 95777 71b14b 95775->95777 95776->95765 95776->95778 95779 697620 22 API calls 95777->95779 95783 71b287 95778->95783 95784 71b28b 95778->95784 95781 71b155 95779->95781 95785 697510 53 API calls 95781->95785 95782 71b255 95847 699c6e 22 API calls 95782->95847 95791 71b2f8 95783->95791 95792 71b39a CreateProcessW 95783->95792 95849 7007c0 10 API calls 95784->95849 95788 71b166 95785->95788 95793 697620 22 API calls 95788->95793 95789 71b265 95848 699c6e 22 API calls 95789->95848 95790 71b294 95850 7006e6 10 API calls 95790->95850 95852 6f11c8 39 API calls 95791->95852 95813 71b32f _wcslen 95792->95813 95797 71b170 95793->95797 95800 71b1a6 GetSystemDirectoryW 95797->95800 95801 697510 53 API calls 95797->95801 95798 71b2aa 95851 7005a7 8 API calls 95798->95851 95799 71b2fd 95804 71b323 95799->95804 95805 71b32a 95799->95805 95803 6afe0b 22 API calls 95800->95803 95806 71b187 95801->95806 95809 71b1cb GetSystemDirectoryW 95803->95809 95853 6f1201 128 API calls 2 library calls 95804->95853 95854 6f14ce 6 API calls 95805->95854 95812 697620 22 API calls 95806->95812 95808 71b2d0 95808->95783 95809->95773 95811 71b328 95811->95813 95815 71b191 _wcslen 95812->95815 95814 71b42f CloseHandle 95813->95814 95817 71b3d6 GetLastError 95813->95817 95816 71b43f 95814->95816 95825 71b49a 95814->95825 95815->95773 95815->95800 95818 71b451 95816->95818 95819 71b446 CloseHandle 95816->95819 95824 71b41a 95817->95824 95822 71b463 95818->95822 95823 
71b458 CloseHandle 95818->95823 95819->95818 95821 71b4a6 95821->95824 95826 71b475 95822->95826 95827 71b46a CloseHandle 95822->95827 95823->95822 95838 700175 95824->95838 95825->95821 95830 71b4d2 CloseHandle 95825->95830 95855 7009d9 34 API calls 95826->95855 95827->95826 95830->95824 95832 71b486 95856 71b536 25 API calls 95832->95856 95835 69762a _wcslen 95834->95835 95836 6afe0b 22 API calls 95835->95836 95837 69763f 95836->95837 95837->95760 95857 70030f 95838->95857 95842 69b578 95841->95842 95843 69b57f 95841->95843 95842->95843 95870 6b62d1 39 API calls _strftime 95842->95870 95843->95748 95845 69b5c2 95845->95748 95846->95782 95847->95789 95848->95778 95849->95790 95850->95798 95851->95808 95852->95799 95853->95811 95854->95813 95855->95832 95856->95825 95858 700321 CloseHandle 95857->95858 95859 700329 95857->95859 95858->95859 95860 700336 95859->95860 95861 70032e CloseHandle 95859->95861 95862 700343 95860->95862 95863 70033b CloseHandle 95860->95863 95861->95860 95864 700350 95862->95864 95865 700348 CloseHandle 95862->95865 95863->95862 95866 700355 CloseHandle 95864->95866 95867 70035d 95864->95867 95865->95864 95866->95867 95868 700362 CloseHandle 95867->95868 95869 70017d 95867->95869 95868->95869 95869->95582 95870->95845 95881 6fdef7 95871->95881 95873 6fd5db CloseHandle 95873->95706 95874 6fd529 Process32NextW 95874->95873 95880 6fd522 95874->95880 95875 69a961 22 API calls 95875->95880 95876 699cb3 22 API calls 95876->95880 95880->95873 95880->95874 95880->95875 95880->95876 95887 69525f 22 API calls 95880->95887 95888 696350 22 API calls 95880->95888 95889 6ace60 41 API calls 95880->95889 95882 6fdf02 95881->95882 95883 6fdf19 95882->95883 95886 6fdf1f 95882->95886 95890 6b63b2 GetStringTypeW _strftime 95882->95890 95891 6b62fb 39 API calls _strftime 95883->95891 95886->95880 95887->95880 95888->95880 95889->95880 95890->95882 95891->95886 95893 69aceb 23 API calls 95892->95893 95894 722af3 95893->95894 95895 722aff 95894->95895 95896 
722b1d 95894->95896 95898 697510 53 API calls 95895->95898 95897 696b57 22 API calls 95896->95897 95901 722b1b 95897->95901 95899 722b0c 95898->95899 95899->95901 95902 69a8c7 22 API calls __fread_nolock 95899->95902 95901->95709 95902->95901 95904 6fdbdc GetFileAttributesW 95903->95904 95905 6fdc06 95903->95905 95904->95905 95906 6fdbe8 FindFirstFileW 95904->95906 95905->95714 95906->95905 95907 6fdbf9 FindClose 95906->95907 95907->95905 95909 69ae01 95908->95909 95912 69ae1c messages 95908->95912 95910 69aec9 22 API calls 95909->95910 95911 69ae09 CharUpperBuffW 95910->95911 95911->95912 95912->95606 95915 69acae 95913->95915 95914 69acd1 95914->95627 95915->95914 95956 70359c 82 API calls __wsopen_s 95915->95956 95918 6dfadb 95917->95918 95919 69ad92 95917->95919 95920 6afddb 22 API calls 95919->95920 95921 69ad99 95920->95921 95957 69adcd 95921->95957 95924->95634 95925->95634 95926->95609 95927->95645 95928->95624 95929->95645 95930->95645 95931->95627 95932->95627 95933->95627 95934->95627 95965 69bbe0 95935->95965 95937 69a9a3 95938 6df8c8 95937->95938 95939 69a9b1 95937->95939 95940 69aceb 23 API calls 95938->95940 95941 6afddb 22 API calls 95939->95941 95942 6df8d3 95940->95942 95943 69a9c2 95941->95943 95944 69a961 22 API calls 95943->95944 95945 69a9cc 95944->95945 95946 69a9db 95945->95946 95973 69a8c7 22 API calls __fread_nolock 95945->95973 95948 6afddb 22 API calls 95946->95948 95949 69a9e5 95948->95949 95974 69a869 40 API calls 95949->95974 95951 69aa09 95951->95627 95952->95645 95953->95633 95954->95647 95955->95645 95956->95914 95961 69addd 95957->95961 95958 69adb6 95958->95627 95959 6afddb 22 API calls 95959->95961 95960 69a961 22 API calls 95960->95961 95961->95958 95961->95959 95961->95960 95962 69adcd 22 API calls 95961->95962 95964 69a8c7 22 API calls __fread_nolock 95961->95964 95962->95961 95964->95961 95966 69be27 95965->95966 95971 69bbf3 95965->95971 95966->95937 95968 69bc9d 95968->95937 95969 69a961 22 API calls 95969->95971 
95971->95968 95971->95969 95975 6b0242 5 API calls __Init_thread_wait 95971->95975 95976 6b00a3 29 API calls __onexit 95971->95976 95977 6b01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 95971->95977 95973->95946 95974->95951 95975->95971 95976->95971 95977->95971 95978->95670 95979->95670 95980->95669 95981->95673 95982->95451 95983->95451 95984 6b03fb 95985 6b0407 ___DestructExceptionObject 95984->95985 96013 6afeb1 95985->96013 95987 6b0561 96043 6b083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 95987->96043 95989 6b040e 95989->95987 95991 6b0438 95989->95991 95990 6b0568 96036 6b4e52 95990->96036 96002 6b0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 95991->96002 96024 6c247d 95991->96024 95998 6b0457 96000 6b04d8 96032 6b0959 96000->96032 96002->96000 96039 6b4e1a 38 API calls 3 library calls 96002->96039 96004 6b04de 96005 6b04f3 96004->96005 96040 6b0992 GetModuleHandleW 96005->96040 96007 6b04fa 96007->95990 96008 6b04fe 96007->96008 96009 6b0507 96008->96009 96041 6b4df5 28 API calls _abort 96008->96041 96042 6b0040 13 API calls 2 library calls 96009->96042 96012 6b050f 96012->95998 96014 6afeba 96013->96014 96045 6b0698 IsProcessorFeaturePresent 96014->96045 96016 6afec6 96046 6b2c94 10 API calls 3 library calls 96016->96046 96018 6afecb 96023 6afecf 96018->96023 96047 6c2317 96018->96047 96021 6afee6 96021->95989 96023->95989 96026 6c2494 96024->96026 96025 6b0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96027 6b0451 96025->96027 96026->96025 96027->95998 96028 6c2421 96027->96028 96029 6c2450 96028->96029 96030 6b0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96029->96030 96031 6c2479 96030->96031 96031->96002 96106 6b2340 96032->96106 96035 6b097f 96035->96004 96108 
6b4bcf 96036->96108 96039->96000 96040->96007 96041->96009 96042->96012 96043->95990 96045->96016 96046->96018 96051 6cd1f6 96047->96051 96050 6b2cbd 8 API calls 3 library calls 96050->96023 96052 6cd20f 96051->96052 96053 6cd213 96051->96053 96069 6b0a8c 96052->96069 96053->96052 96057 6c4bfb 96053->96057 96055 6afed8 96055->96021 96055->96050 96058 6c4c07 ___DestructExceptionObject 96057->96058 96076 6c2f5e EnterCriticalSection 96058->96076 96060 6c4c0e 96077 6c50af 96060->96077 96062 6c4c1d 96063 6c4c2c 96062->96063 96090 6c4a8f 29 API calls 96062->96090 96092 6c4c48 LeaveCriticalSection _abort 96063->96092 96066 6c4c27 96091 6c4b45 GetStdHandle GetFileType 96066->96091 96068 6c4c3d __wsopen_s 96068->96053 96070 6b0a97 IsProcessorFeaturePresent 96069->96070 96071 6b0a95 96069->96071 96073 6b0c5d 96070->96073 96071->96055 96105 6b0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96073->96105 96075 6b0d40 96075->96055 96076->96060 96078 6c50bb ___DestructExceptionObject 96077->96078 96079 6c50df 96078->96079 96080 6c50c8 96078->96080 96093 6c2f5e EnterCriticalSection 96079->96093 96101 6bf2d9 20 API calls _abort 96080->96101 96083 6c50eb 96089 6c5117 96083->96089 96094 6c5000 96083->96094 96084 6c50cd 96102 6c27ec 26 API calls _strftime 96084->96102 96088 6c50d7 __wsopen_s 96088->96062 96103 6c513e LeaveCriticalSection _abort 96089->96103 96090->96066 96091->96063 96092->96068 96093->96083 96095 6c4c7d CallUnexpected 20 API calls 96094->96095 96096 6c5012 96095->96096 96097 6c501f 96096->96097 96104 6c3405 11 API calls 2 library calls 96096->96104 96098 6c29c8 _free 20 API calls 96097->96098 96100 6c5071 96098->96100 96100->96083 96101->96084 96102->96088 96103->96088 96104->96096 96105->96075 96107 6b096c GetStartupInfoW 96106->96107 96107->96035 96109 6b4bdb CallUnexpected 96108->96109 96110 6b4be2 96109->96110 96111 6b4bf4 96109->96111 96147 6b4d29 GetModuleHandleW 96110->96147 96132 6c2f5e EnterCriticalSection 
96111->96132 96114 6b4be7 96114->96111 96148 6b4d6d GetModuleHandleExW 96114->96148 96115 6b4c99 96136 6b4cd9 96115->96136 96118 6b4bfb 96118->96115 96120 6b4c70 96118->96120 96133 6c21a8 96118->96133 96124 6b4c88 96120->96124 96129 6c2421 _abort 5 API calls 96120->96129 96122 6b4ce2 96156 6d1d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 96122->96156 96123 6b4cb6 96139 6b4ce8 96123->96139 96125 6c2421 _abort 5 API calls 96124->96125 96125->96115 96129->96124 96132->96118 96157 6c1ee1 96133->96157 96176 6c2fa6 LeaveCriticalSection 96136->96176 96138 6b4cb2 96138->96122 96138->96123 96177 6c360c 96139->96177 96142 6b4d16 96145 6b4d6d _abort 8 API calls 96142->96145 96143 6b4cf6 GetPEB 96143->96142 96144 6b4d06 GetCurrentProcess TerminateProcess 96143->96144 96144->96142 96146 6b4d1e ExitProcess 96145->96146 96147->96114 96149 6b4dba 96148->96149 96150 6b4d97 GetProcAddress 96148->96150 96151 6b4dc9 96149->96151 96152 6b4dc0 FreeLibrary 96149->96152 96153 6b4dac 96150->96153 96154 6b0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96151->96154 96152->96151 96153->96149 96155 6b4bf3 96154->96155 96155->96111 96160 6c1e90 96157->96160 96159 6c1f05 96159->96120 96161 6c1e9c ___DestructExceptionObject 96160->96161 96168 6c2f5e EnterCriticalSection 96161->96168 96163 6c1eaa 96169 6c1f31 96163->96169 96167 6c1ec8 __wsopen_s 96167->96159 96168->96163 96172 6c1f59 96169->96172 96173 6c1f51 96169->96173 96170 6b0a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 96171 6c1eb7 96170->96171 96175 6c1ed5 LeaveCriticalSection _abort 96171->96175 96172->96173 96174 6c29c8 _free 20 API calls 96172->96174 96173->96170 96174->96173 96175->96167 96176->96138 96178 6c3627 96177->96178 96179 6c3631 96177->96179 96181 6b0a8c 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 0069430D
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
• GetCurrentProcess.KERNEL32(?,0072CB64,00000000,?,?), ref: 00694422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00694429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00694454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00694466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00694474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0069447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 006944A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3290436268-3101561225
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6dc36a38f59c7561a474861320634dee2868e7fe9968243d759e772df989c52b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 366b7d3077d5a01823303eac13d9a22e222ca16890024b329e98a11b68bd34b2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6dc36a38f59c7561a474861320634dee2868e7fe9968243d759e772df989c52b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AA18261D0A3D0DFCB12CB6B78495D97FEAAB36700B8CC499D04393B21D6A84506CF6E

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

control_flow_graph 1977 6942a2-6942ba CreateStreamOnHGlobal 1978 6942da-6942dd 1977->1978 1979 6942bc-6942d3 FindResourceExW 1977->1979 1980 6942d9 1979->1980 1981 6d35ba-6d35c9 LoadResource 1979->1981 1980->1978 1981->1980 1982 6d35cf-6d35dd SizeofResource 1981->1982 1982->1980 1983 6d35e3-6d35ee LockResource 1982->1983 1983->1980 1984 6d35f4-6d3612 1983->1984 1984->1980
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,006950AA,?,?,00000000,00000000), ref: 006942B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,006950AA,?,?,00000000,00000000), ref: 006942C9
• LoadResource.KERNEL32(?,00000000,?,?,006950AA,?,?,00000000,00000000,?,?,?,?,?,?,00694F20), ref: 006D35BE
• SizeofResource.KERNEL32(?,00000000,?,?,006950AA,?,?,00000000,00000000,?,?,?,?,?,?,00694F20), ref: 006D35D3
• LockResource.KERNEL32(006950AA,?,?,006950AA,?,?,00000000,00000000,?,?,?,?,?,?,00694F20,?), ref: 006D35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: d2fdf7cd1c43ffa0861329623090b94413c3d1d1b8bbc11b89becb7229d598e0
• Instruction ID: dc49e91de230e1ee3f3845ea6041e7128237062cda7ac5784f369d3863b36864
• Opcode Fuzzy Hash: d2fdf7cd1c43ffa0861329623090b94413c3d1d1b8bbc11b89becb7229d598e0
• Instruction Fuzzy Hash: A0113C71200701BFEB228B65DC49F6B7BBEFFD5B51F24816AF40296650DF71D9028660

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00692B6B
  • Part of subcall function 00693A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00761418,?,00692E7F,?,?,?,00000000), ref: 00693A78
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00752224), ref: 006D2C10
• ShellExecuteW.SHELL32(00000000,?,?,00752224), ref: 006D2C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 0e5384eb146397ce0876fba60e415dba04a03788b008f981dcccb503c97b822e
• Instruction ID: f3fe0fe0ead52221a009314bde3db2305392ddfe5c096a7c7960e62c13ab73ff
• Opcode Fuzzy Hash: 0e5384eb146397ce0876fba60e415dba04a03788b008f981dcccb503c97b822e
• Instruction Fuzzy Hash: AB1106311083826ACF54FF60D8659BE7BAE9FA1345F88442DF442436A2CF69890AC71A
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 006FD501
• Process32FirstW.KERNEL32(00000000,?), ref: 006FD50F
• Process32NextW.KERNEL32(00000000,?), ref: 006FD52F
• CloseHandle.KERNEL32(00000000), ref: 006FD5DC
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b969f0e7527419dd972c7063c7315b31ed79eebf2595de1f8f7f2029111e8383
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e1236269e1685f31026ee80e541cf4a7d6d87b05746cb9dd82034aee608e922
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b969f0e7527419dd972c7063c7315b31ed79eebf2595de1f8f7f2029111e8383
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE31C7710083049FD705EF54C881ABFBBFEEF99354F10092DF681822A1EB71A945CBA6
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,006D5222), ref: 006FDBCE
                                                                                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 006FDBDD
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 006FDBEE
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 006FDBFA
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: baf536d891d909b26a637014110b211ea0bb8ad6e898035c7c6bb6f6413a0526
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1fde08c647303c9d7e8bc35ed13d158ba4af49c4db1e7373ab99dbec55f08cc9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: baf536d891d909b26a637014110b211ea0bb8ad6e898035c7c6bb6f6413a0526
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2F0EC704105189792316B7C9C0D4BE37AEEE11374B108702F575C11F0EFB46D56C5D9
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LocalTime
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %.3d$X64
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 481472006-1077770165
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9791f57f325b01b59366a526afa5fb3feefe80c9dfae15b9eb4eb67feae9e81b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: fce78f54fa12f9eb27f77131222616fdb69ddcc704e6bcbdad6d273b327a3f1c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9791f57f325b01b59366a526afa5fb3feefe80c9dfae15b9eb4eb67feae9e81b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56D012A180A248EDCB90ABE1DC458B9B3BDBB19341F508452FB16A1040D628CA0AAB61
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(006C28E9,?,006B4CBE,006C28E9,007588B8,0000000C,006B4E15,006C28E9,00000002,00000000,?,006C28E9), ref: 006B4D09
                                                                                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,006B4CBE,006C28E9,007588B8,0000000C,006B4E15,006C28E9,00000002,00000000,?,006C28E9), ref: 006B4D10
                                                                                                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 006B4D22
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 72c7c5b49aeb2c3e63ebf68dfebaf32d7d5d313f119172b404d08dc23589024d
• Instruction ID: 11b1c02d2214126db1fdcd9986ec2821f4ec147e6a500dc338e860213db59312
• Opcode Fuzzy Hash: 72c7c5b49aeb2c3e63ebf68dfebaf32d7d5d313f119172b404d08dc23589024d
• Instruction Fuzzy Hash: 72E0B671000558ABCF22AF54DD0AA983B6AEF51795B108418FC058A223CB39DE92DB88
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 006ED28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 6847ff5e5fcd2b556df1fb7a8030f12dd10f06805fbcf47f82352d2c1da9ce71
• Instruction ID: 227b6255608e51b46143124cc02a90e5e8938579284181e87d9181179923f57f
• Opcode Fuzzy Hash: 6847ff5e5fcd2b556df1fb7a8030f12dd10f06805fbcf47f82352d2c1da9ce71
• Instruction Fuzzy Hash: C8D0C9B480111DEECBA0DB90DC88DDDB37CBB14305F104151F206A2000D734964A8F10
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: BuffCharUpper
• String ID: p#v
• API String ID: 3964851224-2894008874
• Opcode ID: 8c89a8a4b646a3e752d21a3a820db8fd31eb480d01bfea4b42cf1ae41de037fa
• Instruction ID: eb00cb906b55e48dea09d6f6a31674959268992133150b8c64582dadf0a9824d
• Opcode Fuzzy Hash: 8c89a8a4b646a3e752d21a3a820db8fd31eb480d01bfea4b42cf1ae41de037fa
• Instruction Fuzzy Hash: E3A28A70608341DFDB10DF19C480B6ABBE6BF89314F14896DE88A8B752D771EC85CB92

Control-flow Graph
control_flow_graph 0 71aff9-71b056 call 6b2340 3 71b094-71b098 0->3 4 71b058-71b06b call 69b567 0->4 6 71b09a-71b0bb call 69b567 * 2 3->6 7 71b0dd-71b0e0 3->7 12 71b0c8 4->12 13 71b06d-71b092 call 69b567 * 2 4->13 29 71b0bf-71b0c4 6->29 9 71b0e2-71b0e5 7->9 10 71b0f5-71b119 call 697510 call 697620 7->10 14 71b0e8-71b0ed call 69b567 9->14 31 71b1d8-71b1e0 10->31 32 71b11f-71b178 call 697510 call 697620 call 697510 call 697620 call 697510 call 697620 10->32 18 71b0cb-71b0cf 12->18 13->29 14->10 24 71b0d1-71b0d7 18->24 25 71b0d9-71b0db 18->25 24->14 25->7 25->10 29->7 33 71b0c6 29->33 36 71b1e2-71b1fd call 697510 call 697620 31->36 37 71b20a-71b238 GetCurrentDirectoryW call 6afe0b GetCurrentDirectoryW 31->37 82 71b1a6-71b1d6 GetSystemDirectoryW call 6afe0b GetSystemDirectoryW 32->82 83 71b17a-71b195 call 697510 call 697620 32->83 33->18 36->37 50 71b1ff-71b208 call 6b4963 36->50 45 71b23c 37->45 48 71b240-71b244 45->48 52 71b275-71b285 call 7000d9 48->52 53 71b246-71b270 call 699c6e * 3 48->53 50->37 50->52 62 71b287-71b289 52->62 63 71b28b-71b2e1 call 7007c0 call 7006e6 call 7005a7 52->63 53->52 66 71b2ee-71b2f2 62->66 63->66 99 71b2e3 63->99 71 71b2f8-71b321 call 6f11c8 66->71 72 71b39a-71b3be CreateProcessW 66->72 88 71b323-71b328 call 6f1201 71->88 89 71b32a call 6f14ce 71->89 76 71b3c1-71b3d4 call 6afe14 * 2 72->76 103 71b3d6-71b3e8 76->103 104 71b42f-71b43d CloseHandle 76->104 82->45 83->82 105 71b197-71b1a0 call 6b4963 83->105 98 71b32f-71b33c call 6b4963 88->98 89->98 113 71b347-71b357 call 6b4963 98->113 114 71b33e-71b345 98->114 99->66 109 71b3ea 103->109 110 71b3ed-71b3fc 103->110 107 71b49c 104->107 108 71b43f-71b444 104->108 105->48 105->82 111 71b4a0-71b4a4 107->111 115 71b451-71b456 108->115 116 71b446-71b44c CloseHandle 108->116 109->110 117 71b401-71b42a GetLastError call 69630c call 69cfa0 110->117 118 71b3fe 110->118 120 71b4b2-71b4bc 111->120 121 71b4a6-71b4b0 111->121 136 71b362-71b372 call 6b4963 113->136 137 71b359-71b360 113->137 114->113 114->114 124 71b463-71b468 115->124 125 71b458-71b45e CloseHandle 115->125 116->115 127 71b4e5-71b4f6 call 700175 117->127 118->117 128 71b4c4-71b4e3 call 69cfa0 CloseHandle 120->128 129 71b4be 120->129 121->127 131 71b475-71b49a call 7009d9 call 71b536 124->131 132 71b46a-71b470 CloseHandle 124->132 125->124 128->127 129->128 131->111 132->131 147 71b374-71b37b 136->147 148 71b37d-71b398 call 6afe14 * 3 136->148 137->136 137->137 147->147 147->148 148->76
APIs
• _wcslen.LIBCMT ref: 0071B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0071B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0071B1D4
• _wcslen.LIBCMT ref: 0071B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0071B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0071B236
• _wcslen.LIBCMT ref: 0071B332
  • Part of subcall function 007005A7: GetStdHandle.KERNEL32(000000F6), ref: 007005C6
• _wcslen.LIBCMT ref: 0071B34B
• _wcslen.LIBCMT ref: 0071B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0071B3B6
• GetLastError.KERNEL32(00000000), ref: 0071B407
• CloseHandle.KERNEL32(?), ref: 0071B439
• CloseHandle.KERNEL32(00000000), ref: 0071B44A
• CloseHandle.KERNEL32(00000000), ref: 0071B45C
• CloseHandle.KERNEL32(00000000), ref: 0071B46E
• CloseHandle.KERNEL32(?), ref: 0071B4E3
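The control_flow_graph listing above is the text behind the rendered graph: each basic block is given as `<id> <start>-<end>` (or a single address for a one-instruction block), followed by its internal `call <addr>` targets (with `* N` for repeats) and the Win32 API names resolved inside it, and `a->b` tokens are edges. The following Python parser is an added example written for this page, not part of the Joe Sandbox report or its plugin. It reads that listing, reconciles every `ref:` address from the APIs table with the block that contains it, and checks that no block is unreachable from block 0 (the function entry at 0x0071AFF9). The listing and the API reference addresses are copied from this report; the parsing rule that a digits-only token followed by a hex range opens a new block, and the treatment of block end addresses as inclusive, are assumptions about the format, not documented behaviour.

```python
import re
from collections import deque

# Copied from the report's Control-flow Graph listing for the function at 0x0071AFF9.
CFG_TEXT = """control_flow_graph 0 71aff9-71b056 call 6b2340 3 71b094-71b098 0->3 4 71b058-71b06b call 69b567 0->4
6 71b09a-71b0bb call 69b567 * 2 3->6 7 71b0dd-71b0e0 3->7 12 71b0c8 4->12 13 71b06d-71b092 call 69b567 * 2 4->13
29 71b0bf-71b0c4 6->29 9 71b0e2-71b0e5 7->9 10 71b0f5-71b119 call 697510 call 697620 7->10 14 71b0e8-71b0ed call 69b567 9->14
31 71b1d8-71b1e0 10->31 32 71b11f-71b178 call 697510 call 697620 call 697510 call 697620 call 697510 call 697620 10->32
18 71b0cb-71b0cf 12->18 13->29 14->10 24 71b0d1-71b0d7 18->24 25 71b0d9-71b0db 18->25 24->14 25->7 25->10 29->7 33 71b0c6 29->33
36 71b1e2-71b1fd call 697510 call 697620 31->36 37 71b20a-71b238 GetCurrentDirectoryW call 6afe0b GetCurrentDirectoryW 31->37
82 71b1a6-71b1d6 GetSystemDirectoryW call 6afe0b GetSystemDirectoryW 32->82 83 71b17a-71b195 call 697510 call 697620 32->83 33->18 36->37
50 71b1ff-71b208 call 6b4963 36->50 45 71b23c 37->45 48 71b240-71b244 45->48 52 71b275-71b285 call 7000d9 48->52
53 71b246-71b270 call 699c6e * 3 48->53 50->37 50->52 62 71b287-71b289 52->62 63 71b28b-71b2e1 call 7007c0 call 7006e6 call 7005a7 52->63 53->52
66 71b2ee-71b2f2 62->66 63->66 99 71b2e3 63->99 71 71b2f8-71b321 call 6f11c8 66->71 72 71b39a-71b3be CreateProcessW 66->72
88 71b323-71b328 call 6f1201 71->88 89 71b32a call 6f14ce 71->89 76 71b3c1-71b3d4 call 6afe14 * 2 72->76 103 71b3d6-71b3e8 76->103
104 71b42f-71b43d CloseHandle 76->104 82->45 83->82 105 71b197-71b1a0 call 6b4963 83->105 98 71b32f-71b33c call 6b4963 88->98 89->98
113 71b347-71b357 call 6b4963 98->113 114 71b33e-71b345 98->114 99->66 109 71b3ea 103->109 110 71b3ed-71b3fc 103->110 107 71b49c 104->107
108 71b43f-71b444 104->108 105->48 105->82 111 71b4a0-71b4a4 107->111 115 71b451-71b456 108->115 116 71b446-71b44c CloseHandle 108->116 109->110
117 71b401-71b42a GetLastError call 69630c call 69cfa0 110->117 118 71b3fe 110->118 120 71b4b2-71b4bc 111->120 121 71b4a6-71b4b0 111->121
136 71b362-71b372 call 6b4963 113->136 137 71b359-71b360 113->137 114->113 114->114 124 71b463-71b468 115->124 125 71b458-71b45e CloseHandle 115->125 116->115
127 71b4e5-71b4f6 call 700175 117->127 118->117 128 71b4c4-71b4e3 call 69cfa0 CloseHandle 120->128 129 71b4be 120->129 121->127
131 71b475-71b49a call 7009d9 call 71b536 124->131 132 71b46a-71b470 CloseHandle 124->132 125->124 128->127 129->128 131->111 132->131
147 71b374-71b37b 136->147 148 71b37d-71b398 call 6afe14 * 3 136->148 137->136 137->137 147->147 147->148 148->76"""

# Copied from the report's APIs table for the same function (ref addresses of the Win32 calls).
API_REFS = {
    0x0071B1B0: "GetSystemDirectoryW", 0x0071B1D4: "GetSystemDirectoryW",
    0x0071B214: "GetCurrentDirectoryW", 0x0071B236: "GetCurrentDirectoryW",
    0x0071B3B6: "CreateProcessW", 0x0071B407: "GetLastError",
    0x0071B439: "CloseHandle", 0x0071B44A: "CloseHandle", 0x0071B45C: "CloseHandle",
    0x0071B46E: "CloseHandle", 0x0071B4E3: "CloseHandle",
}

# Assumption: a block range is "<hex>" or "<hex>-<hex>" with at least 5 hex digits.
HEX_RANGE = re.compile(r"^([0-9a-f]{5,})(?:-([0-9a-f]{5,}))?$")


def parse_cfg(text):
    """Parse a control_flow_graph listing into (nodes, edges).
    nodes: id -> {"start", "end", "calls": [target addrs], "apis": [names]}; edges: [(src, dst)]."""
    toks = text.split()
    nodes, edges, cur, last = {}, [], None, None
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "control_flow_graph":
            i += 1
        elif "->" in t:                       # edge token "a->b"
            a, b = t.split("->")
            edges.append((int(a), int(b)))
            i += 1
        elif t == "call":                     # internal call: "call <hex>"
            cur["calls"].append(int(toks[i + 1], 16))
            last = cur["calls"]
            i += 2
        elif t == "*":                        # repeat marker "* N" for the previous call/API
            last.extend([last[-1]] * (int(toks[i + 1]) - 1))
            i += 2
        elif t.isdigit() and i + 1 < len(toks) and HEX_RANGE.match(toks[i + 1]):
            m = HEX_RANGE.match(toks[i + 1])  # new block: "<id> <start>[-<end>]"
            start = int(m.group(1), 16)
            end = int(m.group(2), 16) if m.group(2) else start
            cur = nodes.setdefault(int(t), {"start": start, "end": end, "calls": [], "apis": []})
            i += 2
        else:                                 # anything else is a resolved API name
            cur["apis"].append(t)
            last = cur["apis"]
            i += 1
    return nodes, edges


def node_containing(nodes, addr):
    """Block id whose [start, end] range (assumed inclusive) covers addr, else None."""
    return next((nid for nid, n in nodes.items() if n["start"] <= addr <= n["end"]), None)


def reconcile(nodes, api_refs):
    """For each APIs-table ref address: (containing block id, does that block list the API?)."""
    out = {}
    for addr, api in api_refs.items():
        nid = node_containing(nodes, addr)
        out[addr] = (nid, nid is not None and api in nodes[nid]["apis"])
    return out


def unreachable(nodes, edges, entry=0):
    """Block ids not reachable from the entry block by following edges (dead or mis-parsed blocks)."""
    succ = {}
    for a, b in edges:
        succ.setdefault(a, []).append(b)
    seen, queue = {entry}, deque([entry])
    while queue:
        for b in succ.get(queue.popleft(), []):
            if b not in seen:
                seen.add(b)
                queue.append(b)
    return set(nodes) - seen


def api_call_sites(nodes):
    """(block start, block id, API name) for every Win32 call the graph attributes to a block."""
    return sorted((n["start"], nid, api) for nid, n in nodes.items() for api in n["apis"])


if __name__ == "__main__":
    nodes, edges = parse_cfg(CFG_TEXT)
    for start, nid, api in api_call_sites(nodes):
        print(f"block {nid:3d} @ {start:08x}: {api}")
    print("unreachable:", unreachable(nodes, edges), "mismatches:",
          [hex(a) for a, (_, ok) in reconcile(nodes, API_REFS).items() if not ok])
```

Run stand-alone it prints the eleven Win32 call sites in address order (the two GetSystemDirectoryW calls in block 82 come first, CreateProcessW sits in block 72 at 0x71B39A, and the final CloseHandle in block 128 closes the path into the exit block 127), with no unreachable blocks and no address from the APIs table falling outside a block that names the same API. The same reconciliation catches the usual report-reading mistake of pairing a `ref:` address with the wrong block when a function has several CloseHandle calls.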
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 8428da141b290f48364b36a710c97717578967fab8596af6a567ec13abeb0a6b
• Instruction ID: 6d2ff15d03fc050009adc778d31dc086a4d64e97bd3c340ef7a889ef60b902a6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8428da141b290f48364b36a710c97717578967fab8596af6a567ec13abeb0a6b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABF19C31508340DFCB54EF28C881BAEBBE5AF85310F14855DF8999B2A2CB35EC85CB56
APIs
• GetInputState.USER32 ref: 0069D807
• timeGetTime.WINMM ref: 0069DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0069DB28
• TranslateMessage.USER32(?), ref: 0069DB7B
• DispatchMessageW.USER32(?), ref: 0069DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0069DB9F
• Sleep.KERNEL32(0000000A), ref: 0069DBB1
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 00ab086381bd25f67b3d84f7112546ccc010072cbc5da4c9c5905cb3eee525e7
• Instruction ID: 3af2ec6ccaed0ea2c03fa804971b9c8e212882a882623418dc4afaa401392df8
• Opcode Fuzzy Hash: 00ab086381bd25f67b3d84f7112546ccc010072cbc5da4c9c5905cb3eee525e7
• Instruction Fuzzy Hash: 25422170608382DFDB29DF25C894BAAB7EBBF46304F14852DE4568B791C774E845CB82
Control-flow Graph (graph image not reproduced)
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00692D07
• RegisterClassExW.USER32(00000030), ref: 00692D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00692D42
• InitCommonControlsEx.COMCTL32(?), ref: 00692D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00692D6F
• LoadIconW.USER32(000000A9), ref: 00692D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00692D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 44b5288ae3769fdfcca21ddea9e4bb5d3649dd12949aca63f078b6f0f1b98851
• Instruction ID: 306d622034821d87a1bc51a8b52d49964d615cf4bb4c0dfc72c8716b5dd4725f
• Opcode Fuzzy Hash: 44b5288ae3769fdfcca21ddea9e4bb5d3649dd12949aca63f078b6f0f1b98851
• Instruction Fuzzy Hash: 1A21F2B1D01358AFDB11DFA4EC89BDDBBB4FB18701F04811AF612A62A0D7B91540CFA9
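The function above registers the window class "AutoIt v3 GUI" through RegisterClassExW and the TaskbarCreated message, which is the runtime-stub fingerprint behind the report's AutoIt verdict. The script below is an added triage helper, not code from the Joe Sandbox report or from the sample: it scans a dumped image or file for that class-name string in UTF-16LE (the registration goes through the wide-char API) and for the "AU3!EA06" compiled-script header magic. The AU3 magic is from general knowledge of compiled AutoIt executables and does not appear on this page; the sample buffer is constructed, not real sample bytes.

```python
"""Scan a file or memory dump for compiled-AutoIt markers.

Added triage helper; not part of the Joe Sandbox report or the sample.
"""
import sys
from typing import Dict, List

# Marker bytes. The class name and registered message are searched in
# UTF-16LE because the stub registers them through the wide-char APIs.
# The AU3!EA06 script-header magic is an assumption from prior knowledge
# of compiled AutoIt executables; it is not listed on this page.
MARKERS = {
    "autoit_gui_class_utf16": "AutoIt v3 GUI".encode("utf-16-le"),
    "taskbar_created_utf16": "TaskbarCreated".encode("utf-16-le"),
    "au3_script_magic": b"AU3!EA06",
}


def find_all(data: bytes, needle: bytes) -> List[int]:
    """Return every offset at which `needle` occurs in `data` (overlaps included)."""
    hits, start = [], 0
    while True:
        i = data.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def scan_autoit_markers(data: bytes) -> Dict[str, List[int]]:
    """Map marker name -> offsets; only markers that actually occur are included."""
    return {name: offs for name, needle in MARKERS.items()
            if (offs := find_all(data, needle))}


def classify(findings: Dict[str, List[int]]) -> str:
    """Verdict for a scan. TaskbarCreated alone is generic (any tray-icon
    application registers it), so it never decides the verdict on its own."""
    if "au3_script_magic" in findings:
        return "compiled AutoIt script (script header magic present)"
    if "autoit_gui_class_utf16" in findings:
        return "AutoIt runtime stub (GUI window class present, no script header found)"
    return "no AutoIt markers"


def scan_file(path: str) -> Dict[str, List[int]]:
    """Scan a file on disk (a PE or a .sdmp memory dump) for the markers."""
    with open(path, "rb") as fh:
        return scan_autoit_markers(fh.read())


# Constructed stand-in for a dumped image; offsets 66, 110 and 172 by layout.
SAMPLE = (b"MZ" + b"\x00" * 64
          + "AutoIt v3 GUI".encode("utf-16-le") + b"\x00\x00"
          + b"\x00" * 16
          + "TaskbarCreated".encode("utf-16-le") + b"\x00\x00"
          + b"\x00" * 32 + b"AU3!EA06" + b"\x00" * 8)

if __name__ == "__main__":
    result = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_autoit_markers(SAMPLE)
    for name, offs in result.items():
        print(f"{name:24s} at {[hex(o) for o in offs]}")
    print(classify(result))
```

Run it against the dumped module (the .sdmp files listed under Memory Dump Source) rather than only the on-disk executable: a packed or dropped stub may expose the class-name string only once it is mapped in memory.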
Control-flow Graph (graph image not reproduced; basic blocks 6d065b through 6d0983 with calls to GetFileType, GetLastError and CloseHandle)
APIs
  • Part of subcall function 006D039A: CreateFileW.KERNEL32(00000000,00000000,?,006D0704,?,?,00000000,?,006D0704,00000000,0000000C), ref: 006D03B7
• GetLastError.KERNEL32 ref: 006D076F
• __dosmaperr.LIBCMT ref: 006D0776
• GetFileType.KERNEL32(00000000), ref: 006D0782
• GetLastError.KERNEL32 ref: 006D078C
• __dosmaperr.LIBCMT ref: 006D0795
• CloseHandle.KERNEL32(00000000), ref: 006D07B5
• CloseHandle.KERNEL32(?), ref: 006D08FF
• GetLastError.KERNEL32 ref: 006D0931
• __dosmaperr.LIBCMT ref: 006D0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8b58f1b74d65b24d16bdbb585eb7dd2ded6e9220d260428bbfcdb3c7dcefcbad
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 591ab08ee1eae03732c55cec694917e974367453b41240fd74237cbb5d4ed61f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b58f1b74d65b24d16bdbb585eb7dd2ded6e9220d260428bbfcdb3c7dcefcbad
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1CA12332E001449FEF19EF68DC51BEE3BA2AB46320F14415EF8119F3A2DB759912CB95

Control-flow Graph

APIs
  • Part of subcall function 00693A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00761418,?,00692E7F,?,?,?,00000000), ref: 00693A78
  • Part of subcall function 00693357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00693379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0069356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 006D318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 006D31CE
• RegCloseKey.ADVAPI32(?), ref: 006D3210
• _wcslen.LIBCMT ref: 006D3277
• _wcslen.LIBCMT ref: 006D3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 5d8c5e287ddf971cc822ed748e58e970346f9dd4a5a8537524056cb7cc85d0af
• Instruction ID: 314a78df70ab4c7befee50364c357ce5449e7850ef0e72516ccd4fc8fa55f52e
• Opcode Fuzzy Hash: 5d8c5e287ddf971cc822ed748e58e970346f9dd4a5a8537524056cb7cc85d0af
• Instruction Fuzzy Hash: C071D5718043019EC794EF66DC418AFB7E9FF95340F40442EF446833A1EB789A4ACB6A

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00692B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00692B9D
• LoadIconW.USER32(00000063), ref: 00692BB3
• LoadIconW.USER32(000000A4), ref: 00692BC5
• LoadIconW.USER32(000000A2), ref: 00692BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00692BEF
• RegisterClassExW.USER32(?), ref: 00692C40
  • Part of subcall function 00692CD4: GetSysColorBrush.USER32(0000000F), ref: 00692D07
  • Part of subcall function 00692CD4: RegisterClassExW.USER32(00000030), ref: 00692D31
  • Part of subcall function 00692CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00692D42
  • Part of subcall function 00692CD4: InitCommonControlsEx.COMCTL32(?), ref: 00692D5F
  • Part of subcall function 00692CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00692D6F
  • Part of subcall function 00692CD4: LoadIconW.USER32(000000A9), ref: 00692D85
  • Part of subcall function 00692CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00692D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: cdc902c6773c3f6c945d4b9158239a7c67287150f6a041eac8411893a207d01c
• Instruction ID: d8ff5a0d25c32347f0ca76a10e61accc6fad4795bad40445d9d85bf9b9f36f0d
• Opcode Fuzzy Hash: cdc902c6773c3f6c945d4b9158239a7c67287150f6a041eac8411893a207d01c
• Instruction Fuzzy Hash: B6214C70E10314ABDB119FA6EC59A9D7FB4FB08B50F48802BE502A77A0D7F90540DF98
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 0069BB4E
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                      • String ID: p#v$p#v$p#v$p#v$p%v$p%v$x#v$x#v
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-1884093042
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 61d42d556a901f438079c6d81cb2d5f91e9417a07f0cfb6949436c5e290945cb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e4bf92913ceeee8288e98d8d37676341d5a458b3dd5f3ec4d26aca4dd7e0ce0a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61d42d556a901f438079c6d81cb2d5f91e9417a07f0cfb6949436c5e290945cb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7232BE70A00249DFDF10CF55D994AFEB7BAEF45310F148059E906AB752C7B8AD82CB91
Control-flow Graph
• (rendered graph; the executed / not-executed block colouring is not recoverable as text)
• Function at 00693170, basic blocks 693170-69326d and 6d2d9c-6d2e96
• Blocks with API calls: 6931d0 DefWindowProcW; 693201 KillTimer; 69321d SetTimer, RegisterWindowMessageW; 693246 CreatePopupMenu; 693265 PostQuitMessage; 6d2dc6 SetFocus; 6d2dd7 MoveWindow
• Internal calls: 6918e2, 6ae499, 6fbf30, 6fc161, 6f0ad7, 693c50, 6930f2, 693837, 69326f
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0069316A,?,?), ref: 006931D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0069316A,?,?), ref: 00693204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00693227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0069316A,?,?), ref: 00693232
• CreatePopupMenu.USER32 ref: 00693246
• PostQuitMessage.USER32(00000000), ref: 00693267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 8ef1b2fac3c3f4edf1b947faff0c731f973a2f8681bd78d014b4a5cd5c4ad7bc
• Instruction ID: 85f7ad5a5a843d8ddd4cd87f72df69dd7e25d53bd4200f81346d2fa56404cf39
• Opcode Fuzzy Hash: 8ef1b2fac3c3f4edf1b947faff0c731f973a2f8681bd78d014b4a5cd5c4ad7bc
• Instruction Fuzzy Hash: 87412931204324A7DF251B789D1DBBD3A1FEB15340F48412AF913C6BB1C7A99F4297A9
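Added example (editor's code, not part of the Joe Sandbox report or of the analysed sample): a parser for the function blocks printed in this section, with helpers to find the blocks that call a given API, to convert a "ref:" address into an offset from the dump base for lookup in the static PE, and to flag String IDs that carry AutoIt v3 runtime strings. Assumptions: the section headings and "•" bullets exactly as printed here; every block ends with its Instruction Fuzzy Hash line; Joe Sandbox joins one function's strings with "$"; and the marker list (taken from the String IDs on this page) is the editor's, not a Joe Sandbox signature. The sample input is copied from this page's blocks.

```python
"""Parse Joe Sandbox 'IDA Plugin' function blocks (as printed on this page).

Added example, not part of the Joe Sandbox report. Assumes the text layout
seen here: section headings 'APIs', 'Strings', 'Memory Dump Source',
'Joe Sandbox IDA Plugin', 'Similarity', 'Control-flow Graph'; '•' bullets;
and an 'Instruction Fuzzy Hash' line closing every block.
"""
import re

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin",
            "Similarity", "Control-flow Graph"}
# "SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00693227"
# "CreatePopupMenu.USER32 ref: 00693246"
API_RE = re.compile(r"^(?P<name>[\w@?]+)\.(?P<module>\w+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)$")
KV_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<val>.*)$")
OFFSET_RE = re.compile(r"Offset:\s*([0-9A-Fa-f]+)")
# AutoIt v3 runtime strings visible in this page's String IDs; the marker
# list is the editor's choice (assumption), not a Joe Sandbox signature.
AUTOIT_MARKERS = ("AutoIt v3", "Variable must be of type 'Object'.")


def parse_blocks(text):
    """One dict per block: parsed API calls, raw string items, key/value meta."""
    records, cur, section = [], {"apis": [], "strings": [], "meta": {}}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:            # heading lines switch the parser state
            section = line
            continue
        item = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:                       # malformed entries are dropped, not guessed
                args = m.group("args")
                cur["apis"].append({"name": m.group("name"), "module": m.group("module"),
                                    "args": args.split(",") if args else [],
                                    "ref": m.group("ref")})
            continue
        if section == "Strings":
            cur["strings"].append(item)
            continue
        m = KV_RE.match(item)           # Similarity / dump source / plugin items
        if not m:
            continue                    # e.g. the control-flow graph edge list
        key, val = m.group("key").strip(), m.group("val").strip()
        if key == "Associated":         # several per block, keep them all
            cur["meta"].setdefault("Associated", []).append(val)
        else:
            cur["meta"][key] = val
        if key == "Source File" and OFFSET_RE.search(val):
            cur["meta"]["Offset"] = OFFSET_RE.search(val).group(1)   # dump base
        if key == "Instruction Fuzzy Hash":   # always the last line of a block
            records.append(cur)
            cur, section = {"apis": [], "strings": [], "meta": {}}, None
    return records


def functions_calling(records, api):
    """Indices of blocks whose API list names `api` (case-insensitive)."""
    return [i for i, r in enumerate(records)
            if any(a["name"].lower() == api.lower() for a in r["apis"])]


def image_offset(rec, ref):
    """'ref:' address minus the dump base, i.e. the RVA to look up in the PE."""
    return int(ref, 16) - int(rec["meta"]["Offset"], 16)


def autoit_marker_hits(records):
    """(block index, marker) pairs whose String ID contains an AutoIt marker.
    Assumes Joe Sandbox joins one function's strings with '$'."""
    hits = []
    for i, r in enumerate(records):
        parts = r["meta"].get("String ID", "").split("$")
        hits.extend((i, m) for m in AUTOIT_MARKERS if m in parts)
    return hits


# Constructed test input: three blocks copied from this page (Opcode and
# Instruction ID lines omitted for brevity, "Download File" residue removed).
SAMPLE = """\
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• Instruction Fuzzy Hash: B6214C70E10314ABDB119FA6EC59A9D7FB4FB08B50F48802BE502A77A0D7F90540DF98
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0069316A,?,?), ref: 006931D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0069316A,?,?), ref: 00693204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00693227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0069316A,?,?), ref: 00693232
• CreatePopupMenu.USER32 ref: 00693246
• PostQuitMessage.USER32(00000000), ref: 00693267
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• Instruction Fuzzy Hash: 87412931204324A7DF251B789D1DBBD3A1FEB15340F48412AF913C6BB1C7A99F4297A9
Similarity
• API ID:
• String ID: D%v$D%v$D%v$D%v$D%vD%v$Variable must be of type 'Object'.
• Instruction Fuzzy Hash: C1C29F70A00214CFCF24DF98C884AADB7F6BF09300F248569E916AB791D376ED42CB95
"""
```

Over the sample, parse_blocks returns three records; functions_calling(recs, "RegisterWindowMessageW") returns [1], the block with the TaskbarCreated handler; image_offset turns its ref 00693227 into 0x3227 for lookup in the static PE; and autoit_marker_hits reports the "AutoIt v3" and "Variable must be of type 'Object'." String IDs of blocks 0 and 2.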
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID: D%v$D%v$D%v$D%v$D%vD%v$Variable must be of type 'Object'.
• API String ID: 0-4101888364
• Opcode ID: 3ef1828ae8ea2111b22106286e20adf82fa698bb113f1948ac0117d9c49c64a9
• Instruction ID: c00e7edf107d57fdd8d3872204e9025bdb6bc7b0ed2b31ff243706b229c28cf8
• Opcode Fuzzy Hash: 3ef1828ae8ea2111b22106286e20adf82fa698bb113f1948ac0117d9c49c64a9
• Instruction Fuzzy Hash: C1C29F70A00214CFCF24DF98C884AADB7F6BF09300F248569E916AB791D376ED42CB95
APIs
• __Init_thread_footer.LIBCMT ref: 0069FE66
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                      • String ID: D%v$D%v$D%v$D%v$D%vD%v
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-3044044174
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2e543c940906c7e16da333538455fd05296c65202cc4a4c9e8987a1fbb718695
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 64c3777619c4096835fbfa44c3596430371e92c013246cd189216c4254a2ea45
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e543c940906c7e16da333538455fd05296c65202cc4a4c9e8987a1fbb718695
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0EB2BD74608340CFCB64CF28C490A6AB7E6BF99314F25886DF8868B751D775EC46CB92

Control-flow Graph (graph node/edge data omitted; the Windows API calls reached from this function's blocks are listed under APIs below)

APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00691459
• CoUninitialize.COMBASE ref: 006914F8
• UnregisterHotKey.USER32(?), ref: 006916DD
• DestroyWindow.USER32(?), ref: 006D24B9
• FreeLibrary.KERNEL32(?), ref: 006D251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 006D254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: a78742b350e131071c84bd13aa2e95629aa64faba76dd3c473197e0dc7e9b98e
• Instruction ID: 85d560e859a24320ce3012a8a9cd0d65ba64c18f5834926bf4cc15408b668646
• Opcode Fuzzy Hash: a78742b350e131071c84bd13aa2e95629aa64faba76dd3c473197e0dc7e9b98e
• Instruction Fuzzy Hash: BDD18A30B01213CFCB29EF15D5A5A68F7AABF16700F2442AEE44A6B751CB30AC12CF55

Control-flow Graph (graph node/edge data omitted; the graph's blocks call WSAStartup, gethostname, gethostbyname, inet_ntoa and WSACleanup, a typical local-hostname-to-IP lookup sequence)

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 72bc04bd22b3db459fb588c2ad6510d9458c4d8af702f2977a185d8917a0dea3
• Instruction ID: 593c6e2ed34e2a90386b45cbb1610d6897a469eb12ddcefe7a3f4dff4b963edd
• Opcode Fuzzy Hash: 72bc04bd22b3db459fb588c2ad6510d9458c4d8af702f2977a185d8917a0dea3
• Instruction Fuzzy Hash: C5113671804108ABCB30BB209C0AEEE37AFDF20710F00016DF6059A191EF75AA828B64

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 1987 692c63-692cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00692C91
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00692CB2
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00691CAD,?), ref: 00692CC6
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,00691CAD,?), ref: 00692CCF
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d9646fa974338bf1b6cfb50194f4aad2f5141b511d8fdb6433d54700023d07d3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3b07d77ca8c6fc76831cfdc3cb8018b140b5e627fb302108471345c67c6622a1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9646fa974338bf1b6cfb50194f4aad2f5141b511d8fdb6433d54700023d07d3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DF03A755403907AEB310713AC0CE7B2EBDD7DAF50B48801AF902A26A0C2A91841EAB8

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 2102 6ed3a0-6ed3a9 2103 6ed3ab-6ed3b7 LoadLibraryA 2102->2103 2104 6ed376-6ed37b 2102->2104 2107 6ed3c9 2103->2107 2108 6ed3b9-6ed3c7 GetProcAddress 2103->2108 2105 6ed292-6ed2a8 2104->2105 2111 6ed2a9 2105->2111 2110 6ed3ce-6ed3de 2107->2110 2108->2107 2108->2110 2110->2105 2113 6ed3e4-6ed3eb FreeLibrary 2110->2113 2111->2111 2113->2105
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryA.KERNEL32 ref: 006ED3AD
                                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 006ED3BF
                                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 006ED3E5
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                      • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 145871493-2590602151
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 11d2385aaeff62620b80a9a066f34df63d0901b8865061a0c2d32992eac897ca
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 361abb613150179da82d098a59575eb1e002a97cd3ef1c0c4a6e848cad363607
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 11d2385aaeff62620b80a9a066f34df63d0901b8865061a0c2d32992eac897ca
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08F055B0803BA0DFD73227128C489AD7223AF22702B648095FA02E5210DB24CE428AA7

                                                                                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                                                                                      control_flow_graph 2424 693b1c-693b27 2425 693b99-693b9b 2424->2425 2426 693b29-693b2e 2424->2426 2428 693b8c-693b8f 2425->2428 2426->2425 2427 693b30-693b48 RegOpenKeyExW 2426->2427 2427->2425 2429 693b4a-693b69 RegQueryValueExW 2427->2429 2430 693b6b-693b76 2429->2430 2431 693b80-693b8b RegCloseKey 2429->2431 2432 693b78-693b7a 2430->2432 2433 693b90-693b97 2430->2433 2431->2428 2434 693b7e 2432->2434 2433->2434 2434->2431
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00693B0F,SwapMouseButtons,00000004,?), ref: 00693B40
                                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00693B0F,SwapMouseButtons,00000004,?), ref: 00693B61
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00693B0F,SwapMouseButtons,00000004,?), ref: 00693B83
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: af566c610f901ae1119d2bacd774b95564ddee59ee3a2987110720e617ae01c5
• Instruction ID: 7feead9a02cd724c46cac3b8515027c207dc540cde429e7b5b5f207449b5c78f
• Opcode Fuzzy Hash: af566c610f901ae1119d2bacd774b95564ddee59ee3a2987110720e617ae01c5
• Instruction Fuzzy Hash: F2112AB5510218FFDF218FA5DC44EEEB7BDEF24744B108459A805D7314E2719E4197A4
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006D33A2
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00693A04
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 279be36c52144f3abaf0f121a016c3adaa7e909473919a9a9d788238c5fba6c0
• Instruction ID: 1cb1f25d2749c607967731111147afda872a473e24fc00cb4a2dd2b7cbfc688b
• Opcode Fuzzy Hash: 279be36c52144f3abaf0f121a016c3adaa7e909473919a9a9d788238c5fba6c0
• Instruction Fuzzy Hash: 1331C571408320AECB65EB10DC45BEFB7DDAB40710F04451EF59A93791EBB49649C7CA
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 006D2C8C
  • Part of subcall function 00693AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00693A97,?,?,00692E7F,?,?,?,00000000), ref: 00693AC2
  • Part of subcall function 00692DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00692DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X$`eu
• API String ID: 779396738-2435029519
• Opcode ID: aed6a4bcd46738d0aa74c511d2e1596ab705a9c79f893c6c5c9fa218c0e4818e
• Instruction ID: 30937e54deb8049644c3200d4b33677cc9976898e20420e764328f721c069638
• Opcode Fuzzy Hash: aed6a4bcd46738d0aa74c511d2e1596ab705a9c79f893c6c5c9fa218c0e4818e
• Instruction Fuzzy Hash: E621C671A00298AFCF81DF94C855BEE7BFDAF48315F40805AE405A7341DBF85A498B65
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 006B0668
  • Part of subcall function 006B32A4: RaiseException.KERNEL32(?,?,?,006B068A,?,00761444,?,?,?,?,?,?,006B068A,00691129,00758738,00691129), ref: 006B3304
• __CxxThrowException@8.LIBVCRUNTIME ref: 006B0685
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: 7a5302467cf1f8e28b503240f65ca580dd32026e1e673e109443fdf5d01f4b88
• Instruction ID: 91af4291830dd858307ac7b00725fcd22c40506d7cacd9e56ac41e21cf9c9ccc
• Opcode Fuzzy Hash: 7a5302467cf1f8e28b503240f65ca580dd32026e1e673e109443fdf5d01f4b88
• Instruction Fuzzy Hash: EAF022B490020C73CF40B7A4D846CDF7B6E9E00300B604039B81492692EF71DBAACB85
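Added example, not part of the Joe Sandbox report and not the sandbox's own code: a small Python parser that turns the "APIs" entries in this listing into records (API name, module, resolved immediates, call-site address, and the caller function when the entry is marked "Part of subcall function"), and renders MapVirtualKeyW arguments with their Win32 constant names so the modifier-key lookups stand out when triaging. The sample text is constructed from entries on this page; the VK_* and MAPVK_* values are the standard Win32 constants. Two readings of the report format are assumptions: the "?" placeholder is taken as an argument the static analysis could not resolve, and "Part of subcall function N" is taken to mean the call is made from function N rather than from the function whose block it appears in.

```python
"""Parse the per-function "APIs" entries of a Joe Sandbox report into records.

Added example for this report listing; it is not Joe Sandbox code. The entry
format is what the report renders:
    • Name.MODULE(arg,arg,...), ref: CALLSITE
    • Part of subcall function CALLER: Name.MODULE(...), ref: CALLSITE
Assumed: "?" marks an argument the analysis could not resolve, and CALLER is
the function that actually contains the call.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the APIs sections of this report,
# plus a section header that the parser must skip.
SAMPLE = """\
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 006D33A2
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00693A04
• GetOpenFileNameW.COMDLG32(?), ref: 006D2C8C
  • Part of subcall function 00693AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00693A97,?,?,00692E7F,?,?,?,00000000), ref: 00693AC2
• __CxxThrowException@8.LIBVCRUNTIME ref: 006B0668
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00691BF4
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00691BFC
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00691C07
  • Part of subcall function 00691B4A: RegisterWindowMessageW.USER32(00000004,?,006912C4), ref: 00691BA2
"""

ENTRY = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[A-Za-z_][\w@]*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Standard Win32 virtual-key and MapVirtualKey uMapType constants.
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
MAPVK_NAMES = {0: "MAPVK_VK_TO_VSC", 1: "MAPVK_VSC_TO_VK",
               2: "MAPVK_VK_TO_CHAR", 3: "MAPVK_VSC_TO_VK_EX"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]      # None where the report shows "?"
    ref: int                       # call-site address in the dump
    caller: Optional[int] = None   # set for "Part of subcall function" entries


def _parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    return None if tok in ("", "?") else int(tok, 16)


def parse_api_entries(text: str) -> List[ApiCall]:
    """Return one ApiCall per bullet; headers and non-matching lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None else [_parse_arg(t) for t in raw.split(",")]
        caller = m.group("caller")
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             int(m.group("ref"), 16),
                             None if caller is None else int(caller, 16)))
    return calls


def direct_calls(calls: List[ApiCall]) -> List[ApiCall]:
    """Calls made by the function itself, excluding those attributed to callees."""
    return [c for c in calls if c.caller is None]


def describe(call: ApiCall) -> str:
    """Render a call, with symbolic arguments where the API is known."""
    if call.name == "MapVirtualKeyW" and len(call.args) == 2 and None not in call.args:
        vk, mt = call.args
        rendered = f"{VK_NAMES.get(vk, f'VK_{vk:#04x}')}, {MAPVK_NAMES.get(mt, f'{mt:#x}')}"
    else:
        rendered = ", ".join("?" if a is None else f"{a:#x}" for a in call.args)
    via = "" if call.caller is None else f" (via {call.caller:08X})"
    return f"{call.name}({rendered}) @ {call.ref:08X}{via}"


def vk_to_scancode_requests(calls: List[ApiCall]) -> List[str]:
    """Virtual keys translated to scancodes (MapVirtualKeyW with MAPVK_VK_TO_VSC)."""
    return [VK_NAMES.get(c.args[0], f"VK_{c.args[0]:#04x}")
            for c in calls
            if c.name == "MapVirtualKeyW" and len(c.args) == 2
            and c.args[0] is not None and c.args[1] == 0]


if __name__ == "__main__":
    for c in parse_api_entries(SAMPLE):
        print(describe(c))
    print("scancode lookups:", vk_to_scancode_requests(parse_api_entries(SAMPLE)))
```

MapVirtualKeyW with uMapType 0 (MAPVK_VK_TO_VSC) asks for the hardware scancode of a virtual key, the lookup a program needs before it can synthesise keystrokes; which modifier keys are looked up is worth reading alongside the keystroke-related signatures at the top of this report. Feed the whole "Executed Functions" section to parse_api_entries to get a flat call inventory, and use direct_calls when you only want what a given function block itself invokes.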
APIs
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00691BF4
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00691BFC
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00691C07
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00691C12
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00691C1A
  • Part of subcall function 00691BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00691C22
  • Part of subcall function 00691B4A: RegisterWindowMessageW.USER32(00000004,?,006912C4), ref: 00691BA2
                                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0069136A
                                                                                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32 ref: 00691388
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000), ref: 006D24AB
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ec09474d3009c716b26b0df5e05124a1fc417a34ee2135557dc2e4bb480f5b7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8b956730bbf0932711cf12dce7f9b414cf7f358c85eefe7f80cc6387379c6f84
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ec09474d3009c716b26b0df5e05124a1fc417a34ee2135557dc2e4bb480f5b7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE71CCB49013418EC784DF7AE85D659BAE5BB9935439CC22ED40BC7262EBBC4460CF8D
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00693923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00693A04
                                                                                                                                                                                                                                                                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 006FC259
                                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 006FC261
                                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 006FC270
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8d4e0b38b55702dfd326944f12a74ff3687ed572f348c935a6cf28b8fb7ce723
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5db7b8d0dac63bfe540edf511928ab171187c3df405fccfbc5fd0563bbd61024
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d4e0b38b55702dfd326944f12a74ff3687ed572f348c935a6cf28b8fb7ce723
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B931D170900348AFEB328B648955BEBBBEDAF02314F00449ED29AA3241C7745B85CB55
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,?,?,006C85CC,?,00758CC8,0000000C), ref: 006C8704
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,006C85CC,?,00758CC8,0000000C), ref: 006C870E
                                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006C8739
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2583163307-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2f7662c75548500b603359ab072fcf7381121e4f99634436a7623768ced80533
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 007680bc1104b1aa0a92018cf52b72e51842c97167348ef2ae4ce341f56e12d2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f7662c75548500b603359ab072fcf7381121e4f99634436a7623768ced80533
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D0108326056602ED67572356C45FBE674BCB91778F39021DE8198B2D3EEA4ACC28298
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 0069DB7B
                                                                                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 0069DB89
                                                                                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0069DB9F
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 0069DBB1
                                                                                                                                                                                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(?,?,?), ref: 006E1CC9
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
APIs
• __Init_thread_footer.LIBCMT ref: 006A17F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 006ED375
Strings
Similarity
• API ID: ComputerName
• String ID: X64
• API String ID: 3545744682-893830106
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 00693908
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5d499b84c86ba8e85803276486b066f97b6ec394fd717b89df710fcdb690641c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d64f2b76e909c9335ed5d06e9aeb80d33f05f591a7d2deabb09864cbe166da6d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d499b84c86ba8e85803276486b066f97b6ec394fd717b89df710fcdb690641c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C31D5706043118FD760DF25D9847D7BBE9FB49308F00092EF59A83740E7B5AA44CB96
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • timeGetTime.WINMM ref: 006AF661
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0069D730: GetInputState.USER32 ref: 0069D807
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 006EF2DE
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5b6fb15952322a7ad31ab0db0fa039d2496ffed3b9908649fd4b5a19c1cd1b99
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9a21176f9c58970f2d7e631bcc8c016a4eeaf0e0d01d604f854d47c42c4bee5f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b6fb15952322a7ad31ab0db0fa039d2496ffed3b9908649fd4b5a19c1cd1b99
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CF08C312406059FD350EFA9E54AB6AB7EAEF55760F004029E859C7760DB70AC00CF99
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00694E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00694EDD,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E9C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00694E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00694EAE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00694E90: FreeLibrary.KERNEL32(00000000,?,?,00694EDD,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694EC0
                                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694EFD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00694E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,006D3CDE,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E62
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00694E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00694E74
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00694E59: FreeLibrary.KERNEL32(00000000,?,?,006D3CDE,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E87
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressFreeProc
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2632591731-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8060d653bace858dc4305653e54b21b2d4571f4581c450d69cb6e64857beae78
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bc484e7e050c9942270e14a3cdc9b60050a87313bc9ee613c7d31b74867e00bc
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8060d653bace858dc4305653e54b21b2d4571f4581c450d69cb6e64857beae78
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63112332610206AACF21AF60DC02FED77AAAF90710F10842EF442A66C1EE759A069759
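Two of the entries above are the ones an analyst would want to pull out of a report like this automatically: the timeGetTime / GetInputState / Sleep chain (the execution-timing pattern the signature list at the top of the report refers to) and the LoadLibraryA / GetProcAddress / FreeLibrary sequence that resolves Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection by name at run time. The Python below is an added example, not code from Joe Sandbox or its IDA plugin: it parses function entries in the layout shown on this page into records and applies two name-based triage rules. The sample input is constructed from the entries on this page; the rule sets (TIMING, LOADERS), the record types and the `triage` function are the example's own assumptions about what is worth flagging.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: two function entries in the layout the Joe Sandbox
# IDA plugin uses on this page (bullet-prefixed API lines, dump source, similarity
# IDs). The trailing "Download File" link text on an Associated line is kept so
# the parser is exercised on the export as it actually arrives.
SAMPLE = """\
APIs
• timeGetTime.WINMM ref: 006AF661
  • Part of subcall function 0069D730: GetInputState.USER32 ref: 0069D807
• Sleep.KERNEL32(00000000), ref: 006EF2DE
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: InputSleepStateTimetime
• String ID:
• API String ID: 4149333218-0
APIs
  • Part of subcall function 00694E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00694EDD,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E9C
  • Part of subcall function 00694E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00694EAE
  • Part of subcall function 00694E90: FreeLibrary.KERNEL32(00000000,?,?,00694EDD), ref: 00694EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694EFD
Similarity
• API ID: Library$Load$AddressFreeProc
• API String ID: 2632591731-0
"""

# One "Func.MODULE(args), ref: ADDR" line, optionally reached through a subcall.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<func>[\w@$?]+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)
# "Key: value" metadata line (String ID may legitimately be empty).
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    func: str
    module: str
    args: Optional[str]        # raw argument list as the plugin printed it, or None
    ref: str                   # address of the call site
    subcall_of: Optional[str]  # callee address when the API is reached via a subcall


@dataclass
class Entry:
    calls: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)
    associated: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Split report text into per-function entries; each starts at an 'APIs' header."""
    entries: List[Entry] = []
    cur: Optional[Entry] = None
    for raw in text.splitlines():
        body = raw.strip().lstrip("•").strip()
        if not body:
            continue
        if body == "APIs":
            cur = Entry()
            entries.append(cur)
            continue
        if cur is None:
            continue  # text before the first entry
        m = API_RE.match(body)
        if m:
            cur.calls.append(ApiCall(m["func"], m["mod"], m["args"], m["ref"], m["sub"]))
            continue
        m = KV_RE.match(body)
        if m:
            key, val = m["key"], m["val"]
            if key == "Associated":
                # drop the HTML export's "Download File" link text
                cur.associated.append(val.removesuffix("Download File"))
            else:
                cur.meta[key] = val
    return entries


# Triage rules (this example's own, not the sandbox's signatures): matched on
# API names only, with no ordering or argument analysis.
TIMING = {"timeGetTime", "GetTickCount", "GetTickCount64", "QueryPerformanceCounter"}
LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def triage(entry: Entry) -> List[str]:
    names = {c.func for c in entry.calls}
    hits: List[str] = []
    if names & TIMING and "Sleep" in names:
        hits.append("timing-check")
    if names & LOADERS and "GetProcAddress" in names:
        for c in entry.calls:
            if c.func == "GetProcAddress" and c.args:
                parts = c.args.split(",")
                # second argument is the export name when the plugin could recover it
                if len(parts) > 1 and parts[1] not in ("", "?"):
                    hits.append("dynamic-import:" + parts[1])
    return hits


if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.meta.get("API ID"), [c.func for c in e.calls], triage(e))
```

Treat the hits as places to open in the disassembler rather than verdicts: in a compiled AutoIt binary (the strings `>>>AUTOIT NO CMDEXECUTE<<<` in the arguments above mark the runtime) a timing loop around Sleep and the Wow64 redirection toggling are plausibly the interpreter's own helpers rather than script logic, and the rules here look only at which APIs appear in an entry, not at the order they are called in or at the values passed.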
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: d940512ab65b782bbb4057c35dcc4c1be30993432ad6dbf58f42faca7d0bb565
• Instruction ID: 5f7fcfa4d6afda61f622f8f60f0fc0deb5c8b80da4378dfab8a3a0bb84f160e2
• Opcode Fuzzy Hash: d940512ab65b782bbb4057c35dcc4c1be30993432ad6dbf58f42faca7d0bb565
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D11487190420AAFCB19DF58E944EEA7BF5EF48300F108069F808EB312DA30DA11CBA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C4C7D: RtlAllocateHeap.NTDLL(00000008,00691129,00000000,?,006C2E29,00000001,00000364,?,?,?,006BF2DE,006C3863,00761444,?,006AFDF5,?), ref: 006C4CBE
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C506C
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 43bc2a3309121301197f2820d4a42e6fc03bdf73c22fb9cfda391c8127296b4c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F40126722047056BE3218E659C85FAAFBEAFB89370F25051DE585C3280EA30A845C6B4
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f734c9b6ea1c5dad5e254109983f4514a43d96c60f18364ed112b0577f81fdf8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 40F0F972510A149AC6313A658C05FEA379BDF52335F10071DF921972D2EB75944287AD
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: adafec5abc8015c7044a09e001c359287384851bfa8f5e3c1cb68c0661a74ac0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6f57e05ae6f8a2d86e0bf1b77dd0c343094cbdde0ea1a3788e877349068aee0d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: adafec5abc8015c7044a09e001c359287384851bfa8f5e3c1cb68c0661a74ac0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6FF0F4B22006006ED724AF28C802AA7BB99EF44760F10852EF619CB2D1DB31E4108BA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,00691129,00000000,?,006C2E29,00000001,00000364,?,?,?,006BF2DE,006C3863,00761444,?,006AFDF5,?), ref: 006C4CBE
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 31b7fd0950d483bab702990cc2b9a8180da8b90f701dcec1276add6d27030d72
• Instruction ID: 623d16f3cc60761834016210cba8ee2b86cbda04c520e5ad3a454c89a0aac573
• Opcode Fuzzy Hash: 31b7fd0950d483bab702990cc2b9a8180da8b90f701dcec1276add6d27030d72
• Instruction Fuzzy Hash: B8F0B43160222466DB21AF629C19FFA379BEF517B1B14811DFC16A63A1CE70D80146E4

APIs
• RtlAllocateHeap.NTDLL(00000000,?,00761444,?,006AFDF5,?,?,0069A976,00000010,00761440,006913FC,?,006913C6,?,00691129), ref: 006C3852
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: a11839cf78628cc6ff240449b577ae1983de7c0de9b167a3af971207f6d2db6f
• Instruction ID: df19ea6465878b8515d02ab3f7a221bbfa9cb78a6d256267f3b93fe1ec9bba75
• Opcode Fuzzy Hash: a11839cf78628cc6ff240449b577ae1983de7c0de9b167a3af971207f6d2db6f
• Instruction Fuzzy Hash: E9E0E53110623456E6312A679C05FFA375FEF427B0F05802CBC0692791CB20DE0287E8

APIs
• FreeLibrary.KERNEL32(?,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694F6D
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 090fd5a10e5329e9169e01d278d058de0e84894892fe9e2787259596b2d178a2
• Instruction ID: dc54dcba8fb1550ee9bb6e34dc2045dfcc60bdc29ccceab3a165a3af1aee117d
• Opcode Fuzzy Hash: 090fd5a10e5329e9169e01d278d058de0e84894892fe9e2787259596b2d178a2
• Instruction Fuzzy Hash: 23F01C71105752CFDB349F64D494C66B7EAAF54319310C96EE1DA82A11CB319845DB10

APIs
• IsWindow.USER32(00000000), ref: 00722A66
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: fc121c8c99dea78453f2a94fb6244a460e6c45c7f5aaeb50afa7474c347bf6cf
• Instruction ID: ce5bc5d9edb5cad6e4d2c0f1dbea077af193a4ca3a9a69ffe76687c4de6f829a
• Opcode Fuzzy Hash: fc121c8c99dea78453f2a94fb6244a460e6c45c7f5aaeb50afa7474c347bf6cf
• Instruction Fuzzy Hash: A8E0DF3234012ABAC750EA30EC808FE736CEB14391710823AAD16C2511EB38CA8282A4
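Every record in this listing follows one fixed layout (an APIs block, the memory dump the function was carved from, the IDA snapshot, and the similarity identifiers), which makes the listing easy to turn into a per-sample API inventory or a table of Instruction Fuzzy Hash values for matching against other samples. The Python below is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling. It parses records in this layout from text pasted out of the report; its input is a constructed sample assembled from three of the records in this listing (argument lists shortened, and the dump and snapshot sections left out of two records), and the helper names parse_records, api_inventory, calls_with_argument and fuzzy_hashes are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample (not the report itself): three records in the layout Joe
# Sandbox prints under "APIs / Memory Dump Source / Joe Sandbox IDA Plugin /
# Similarity". Argument lists are shortened; the dump and snapshot sections
# are left out of the second and third record to keep the sample short.
SAMPLE_REPORT = """
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00761444,?,006AFDF5,?,?,0069A976), ref: 006C3852
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Instruction Fuzzy Hash: E9E0E53110623456E6312A679C05FFA375FEF427B0F05802CBC0692791CB20DE0287E8
APIs
• FreeLibrary.KERNEL32(?,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694F6D
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Instruction Fuzzy Hash: 23F01C71105752CFDB349F64D494C66B7EAAF54319310C96EE1DA82A11CB319845DB10
APIs
• IsWindow.USER32(00000000), ref: 00722A66
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Instruction Fuzzy Hash: A8E0DF3234012ABAC750EA30EC808FE736CEB14391710823AAD16C2511EB38CA8282A4
"""

SECTIONS = {"APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "• Name.MODULE(arg,arg,...), ref: ADDR"
API_CALL = re.compile(r"^•\s*(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$")
# "• Key: value"; the value may be empty or may itself contain ": "
FIELD = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")


def parse_records(text):
    """One dict per function record; a record starts at each "APIs" header.
    Repeated keys (e.g. "Associated") are kept as lists in report order, and
    leading whitespace is dropped so text pasted from the page parses as-is."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":
                current = {"apis": [], "fields": defaultdict(list)}
                records.append(current)
            section = line
            continue
        if current is None:
            continue  # stray text before the first record
        if section == "APIs":
            m = API_CALL.match(line)
            if not m:
                raise ValueError(f"unrecognised API line: {line!r}")
            current["apis"].append({
                "name": m["name"],
                "module": m["module"],
                # naive split: an argument string containing a comma is split too
                "args": m["args"].split(","),
                "ref": int(m["ref"], 16),
            })
        else:
            m = FIELD.match(line)
            if not m:
                raise ValueError(f"unrecognised field line: {line!r}")
            current["fields"][m["key"]].append(m["value"])
    return records


def api_inventory(records):
    """Module -> sorted API names: the import surface seen across all records."""
    inv = defaultdict(set)
    for rec in records:
        for call in rec["apis"]:
            inv[call["module"]].add(call["name"])
    return {mod: sorted(names) for mod, names in inv.items()}


def calls_with_argument(records, needle):
    """(API name, ref address) for every call whose argument list contains needle."""
    return [(call["name"], f"{call['ref']:08X}")
            for rec in records for call in rec["apis"]
            if any(needle in arg for arg in call["args"])]


def fuzzy_hashes(records):
    """API ID -> Instruction Fuzzy Hash, the value used for cross-sample similarity."""
    out = {}
    for rec in records:
        f = rec["fields"]
        if f["API ID"] and f["Instruction Fuzzy Hash"]:
            out[f["API ID"][0]] = f["Instruction Fuzzy Hash"][0]
    return out
```

Pasting the whole function listing into parse_records gives the full inventory for the sample; calls_with_argument(records, "AUTOIT") then points straight at the FreeLibrary call carrying the >>>AUTOIT NO CMDEXECUTE<<< argument, an AutoIt runtime string that fits the "compiled AutoIt script" signature in the report's overview. The fuzzy_hashes table is what you would diff between two reports to see which functions are shared.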

APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0069314E
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 8ea1082413a56b66d09c3f9f093473c36f086fb0bc5bd6fa2d4f4369821a174e
• Instruction ID: ef4723e8d97990a91d9d661da51bad5cdd86b458e816366ffd38a4ac37631fff
• Opcode Fuzzy Hash: 8ea1082413a56b66d09c3f9f093473c36f086fb0bc5bd6fa2d4f4369821a174e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36F0A7709043149FEB929B24DC497DA7BFCA701708F0440E9E14AA6391D7B45788CF85
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00692DC4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 361d66f8ecdc5c80b109affd1845885873ffe677a9388629cb15295849d8e779
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d5623ffbe1e9f5b56e0d53c34762075927001c50fb25010c2694c9e74bfd1e3
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 361d66f8ecdc5c80b109affd1845885873ffe677a9388629cb15295849d8e779
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A4E0CD72A002245BDB219398DC05FEA77DDDFC8790F044075FD09D724CD964AD848554
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00693837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00693908
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0069D730: GetInputState.USER32 ref: 0069D807
                                                                                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00692B6B
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006930F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0069314E
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3667716007-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e9347489aaf10159e9760c578351962a836a3b24036a9c6cfb2b73f68b527712
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ade05698aad775c7c37446e586c27611eeb600ce425f29459a60af80fb30db5d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9347489aaf10159e9760c578351962a836a3b24036a9c6cfb2b73f68b527712
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B1E0262130025406CE48BB7598264BDB78F8FE1351F80083EF14383663CE284549421A
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 006FDF40
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7254b77d44509f9558877b4b944a8d11d66022a64535d64917210c1520694c96
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 82dcd4959e39448eb98b055f34f7ec8efb0fe20fb9a595f2f763ab4fcb8e8e51
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7254b77d44509f9558877b4b944a8d11d66022a64535d64917210c1520694c96
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBD05EA2A003282BDF60A674DC0DDFB3AACC740210F0006A0786DD3152E924DE4586B0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(00000000,00000000,?,006D0704,?,?,00000000,?,006D0704,00000000,0000000C), ref: 006D03B7
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: e716aa98da3643f345f0d3b0e8e40b6b84f73ae52eeeaf176a22cbfd1c54fa66
• Instruction ID: bf936ca4af1890fcbd38f7e71dca6590a6a18a57f515eae3cf1c74d895251567
• Opcode Fuzzy Hash: e716aa98da3643f345f0d3b0e8e40b6b84f73ae52eeeaf176a22cbfd1c54fa66
• Instruction Fuzzy Hash: A6D06C3204010DBBDF128F84DD06EDA3BAAFB48714F018000BE1856020C736E832AB94
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00691CBC
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 5c97f90922001e1191850595d12f22dab7612e083ecf49325cc194e44f1e5acf
• Instruction ID: d58e0126b2967151d77b0ee00b6cf4ec16966a86156a1d46c21d57a58c790300
• Opcode Fuzzy Hash: 5c97f90922001e1191850595d12f22dab7612e083ecf49325cc194e44f1e5acf
• Instruction Fuzzy Hash: 45C09B352803049FF2254781BC5EF147754A758B00F54C001F60B555E3C3E55831D658
APIs
  • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0072961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0072965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0072969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007296C9
• SendMessageW.USER32 ref: 007296F2
• GetKeyState.USER32(00000011), ref: 0072978B
• GetKeyState.USER32(00000009), ref: 00729798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007297AE
• GetKeyState.USER32(00000010), ref: 007297B8
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007297E9
• SendMessageW.USER32 ref: 00729810
• SendMessageW.USER32(?,00001030,?,00727E95), ref: 00729918
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0072992E
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00729941
• SetCapture.USER32(?), ref: 0072994A
• ClientToScreen.USER32(?,?), ref: 007299AF
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 007299BC
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007299D6
• ReleaseCapture.USER32 ref: 007299E1
• GetCursorPos.USER32(?), ref: 00729A19
• ScreenToClient.USER32(?,?), ref: 00729A26
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00729A80
• SendMessageW.USER32 ref: 00729AAE
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00729AEB
• SendMessageW.USER32 ref: 00729B1A
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00729B3B
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 00729B4A
• GetCursorPos.USER32(?), ref: 00729B68
• ScreenToClient.USER32(?,?), ref: 00729B75
• GetParent.USER32(?), ref: 00729B93
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00729BFA
• SendMessageW.USER32 ref: 00729C2B
• ClientToScreen.USER32(?,?), ref: 00729C84
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00729CB4
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00729CDE
• SendMessageW.USER32 ref: 00729D01
• ClientToScreen.USER32(?,?), ref: 00729D4E
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00729D82
  • Part of subcall function 006A9944: GetWindowLongW.USER32(?,000000EB), ref: 006A9952
• GetWindowLongW.USER32(?,000000F0), ref: 00729E05
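The "APIs" lines above print every argument as a raw hex immediate, so the reader has to know that 0x11 passed to GetKeyState is VK_CONTROL, that 0x110A sent to a window is TVM_GETNEXTITEM with TVGN_CARET (9) as wParam, or that 0x2001 is SPI_SETFOREGROUNDLOCKTIMEOUT. The script below is an added example, not part of the Joe Sandbox report or of the tool's own code: it parses lines in exactly the shape shown here (bullet, optional "Part of subcall function" prefix, API.module(args), ref address) and decodes the Win32 constants that appear in this record. The sample input is constructed from the lines of this record; the constant tables are standard Windows SDK values, and treating GetWindowLong's 0xEB / 0xF0 as sign-extended 8-bit immediates (GWL_USERDATA = -21, GWL_STYLE = -16) is this script's assumption about how the report prints them.

```python
"""Parse the 'APIs' lines of a Joe Sandbox function record and decode the
magic numbers in them. Added example; not part of the report or of Joe
Sandbox. Constant tables are Win32 SDK values; the sign-extension of
GetWindowLong indices is this script's assumption about the report's output."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied in the shape the report prints them.
SAMPLE_LINES = """\
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00691CBC
  • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0072961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0072965B
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007296C9
• SendMessageW.USER32 ref: 007296F2
• GetKeyState.USER32(00000011), ref: 0072978B
• SendMessageW.USER32(?,00001012,00000000,?), ref: 00729A80
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00729AEB
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00729B3B
"""

LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants relevant to the calls in this record (SDK values).
VK = {0x09: "VK_TAB", 0x10: "VK_SHIFT", 0x11: "VK_CONTROL"}
WM = {0x4E: "WM_NOTIFY"}
LVM_FIRST, TV_FIRST, TCM_FIRST = 0x1000, 0x1100, 0x1300
MSG = {
    LVM_FIRST + 18: "LVM_HITTEST",
    TV_FIRST + 10: "TVM_GETNEXTITEM",
    TV_FIRST + 11: "TVM_SELECTITEM",
    TV_FIRST + 17: "TVM_HITTEST",
    TCM_FIRST + 11: "TCM_GETCURSEL",
}
TVGN = {9: "TVGN_CARET"}
SPI = {0x2001: "SPI_SETFOREGROUNDLOCKTIMEOUT"}
GWL = {-21: "GWL_USERDATA", -16: "GWL_STYLE"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # None where the report shows '?' (not resolved statically)
    ref: int                    # address of the call site
    subcall_of: Optional[int]   # set when the line reads "Part of subcall function X"


def parse_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [] if not raw else [None if a.strip() == "?" else int(a.strip(), 16)
                               for a in raw.split(",")]
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16),
                   int(sub, 16) if sub else None)


def parse_block(text: str) -> List[ApiCall]:
    return [c for c in (parse_line(l) for l in text.splitlines()) if c is not None]


def describe(call: ApiCall) -> str:
    a = call.args
    if call.api == "GetKeyState" and a and a[0] is not None:
        return f"GetKeyState({VK.get(a[0], hex(a[0]))})"
    if call.api == "SystemParametersInfoW" and a and a[0] is not None:
        return f"SystemParametersInfoW({SPI.get(a[0], hex(a[0]))})"
    if call.api == "GetWindowLongW" and len(a) >= 2 and a[1] is not None:
        # Assumption: the report prints the sign-extended 8-bit immediate as a
        # byte, so 0xEB is really -21 and 0xF0 is -16.
        idx = a[1] - 0x100 if 0x80 <= a[1] <= 0xFF else a[1]
        return f"GetWindowLongW({GWL.get(idx, str(idx))})"
    if call.api in ("SendMessageW", "DefDlgProcW") and len(a) >= 2 and a[1] is not None:
        name = MSG.get(a[1]) or WM.get(a[1]) or hex(a[1])
        detail = ""
        if name in ("TVM_GETNEXTITEM", "TVM_SELECTITEM") and len(a) > 2 and a[2] in TVGN:
            detail = f", wParam={TVGN[a[2]]}"
        return f"{call.api}({name}{detail})"
    return f"{call.api} (arguments not resolved)"


def decode_sample() -> List[str]:
    return [describe(c) for c in parse_block(SAMPLE_LINES)]


if __name__ == "__main__":
    for c, text in zip(parse_block(SAMPLE_LINES), decode_sample()):
        print(f"{c.ref:08X}  {text}")
```

Run on the record above, the decoded names show the function reading Ctrl/Tab/Shift state and sending tab-control, tree-view and list-view messages while driving an image-list drag, i.e. ordinary common-control handling; messages whose arguments the report could not resolve ("?") are reported as unresolved rather than guessed. Extending the tables to other control ranges (HDM_FIRST = 0x1200, LVM_* beyond hit-testing) is the natural next step when applying it to other records.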
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                      • String ID: @GUI_DRAGID$F$p#v
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3429851547-1383027076
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5cc1c1e0a93c139dda74ca84fdceb75acd637631f3943b58127eb3460ea00ccb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 23deb38ae1a883d3ccd5743eb4276def903162099d6c105c67bd444a00272c9f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5cc1c1e0a93c139dda74ca84fdceb75acd637631f3943b58127eb3460ea00ccb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB429930204250EFDB21CF24DC48AAABBE5FF49320F18465DF69A872A1D739E961CF55
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 007248F3
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00724908
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00724927
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0072494B
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0072495C
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0072497B
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 007249AE
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 007249D4
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00724A0F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00724A56
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00724A7E
                                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(?), ref: 00724A97
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00724AF2
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00724B20
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00724B94
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00724BE3
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00724C82
                                                                                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00724CAE
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00724CC9
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 00724CF1
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00724D13
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00724D33
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,00000000,00000001), ref: 00724D5A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4054740463-328681919
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 87b55b84983320364b2ae7ba2b9be357c73d143e8ae6664fcde5b95fcc70300d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4869c59602bfdf3dd8abe34a2c3fa3fdb34b6d02f1c30c41ab10d9561d721009
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 87b55b84983320364b2ae7ba2b9be357c73d143e8ae6664fcde5b95fcc70300d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE122371600224ABEB258F28EC49FAE7BF8FF85310F144169F515EB2E1DB789A41CB54
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 006AF998
                                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 006EF474
                                                                                                                                                                                                                                                                                                                                                                      • IsIconic.USER32(00000000), ref: 006EF47D
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000009), ref: 006EF48A
                                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 006EF494
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006EF4AA
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 006EF4B1
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 006EF4BD
                                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 006EF4CE
                                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(?,00000000,00000001), ref: 006EF4D6
                                                                                                                                                                                                                                                                                                                                                                      • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 006EF4DE
                                                                                                                                                                                                                                                                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 006EF4E1
                                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 006EF4F6
                                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(00000012,00000000), ref: 006EF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006EF50B
• keybd_event.USER32(00000012,00000000), ref: 006EF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006EF519
• keybd_event.USER32(00000012,00000000), ref: 006EF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 006EF528
• keybd_event.USER32(00000012,00000000), ref: 006EF52D
• SetForegroundWindow.USER32(00000000), ref: 006EF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 006EF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: f4f7016749cd2ee4028870d95df936a2947960d8e88ae005520b5b9208ea7ba5
• Instruction ID: 8ea6fa5eef4b108170d809e8bf7d86dea4cf2ec1df6c94ec0436967e1132b5c9
• Opcode Fuzzy Hash: f4f7016749cd2ee4028870d95df936a2947960d8e88ae005520b5b9208ea7ba5
• Instruction Fuzzy Hash: FA31E671A40358BFEB312BB24C4AFBF3E6DEB54B50F104025FA01E61D1C6B49D12AEA4
APIs
  • Part of subcall function 006F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006F170D
  • Part of subcall function 006F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006F173A
  • Part of subcall function 006F16C3: GetLastError.KERNEL32 ref: 006F174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 006F1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 006F12A8
• CloseHandle.KERNEL32(?), ref: 006F12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 006F12D1
• GetProcessWindowStation.USER32 ref: 006F12EA
• SetProcessWindowStation.USER32(00000000), ref: 006F12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 006F1310
  • Part of subcall function 006F10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006F11FC), ref: 006F10D4
  • Part of subcall function 006F10BF: CloseHandle.KERNEL32(?,?,006F11FC), ref: 006F10E9
Strings
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0$Zu
• API String ID: 22674027-3550843439
• Opcode ID: 4587e632a39efbb37a2071ab90fc5b5f1620ee52fa2e96a0af0a7da948c05f7d
• Instruction ID: 5c1fb2d379f905a812f343efe8191a813dd150d981376563c40cc1dbb968355a
• Opcode Fuzzy Hash: 4587e632a39efbb37a2071ab90fc5b5f1620ee52fa2e96a0af0a7da948c05f7d
• Instruction Fuzzy Hash: 4D81997190020CEBDF219FA4CC49BFE7BBAFF45740F148129FA11AA2A0C7758A45CB64
APIs
  • Part of subcall function 006F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006F1114
  • Part of subcall function 006F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F1120
  • Part of subcall function 006F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F112F
  • Part of subcall function 006F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F1136
  • Part of subcall function 006F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006F114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006F0BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006F0C00
• GetLengthSid.ADVAPI32(?), ref: 006F0C17
• GetAce.ADVAPI32(?,00000000,?), ref: 006F0C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006F0C6D
• GetLengthSid.ADVAPI32(?), ref: 006F0C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 006F0C8C
• HeapAlloc.KERNEL32(00000000), ref: 006F0C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 006F0CB4
• CopySid.ADVAPI32(00000000), ref: 006F0CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006F0CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006F0D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 006F0D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F0D45
• HeapFree.KERNEL32(00000000), ref: 006F0D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F0D55
• HeapFree.KERNEL32(00000000), ref: 006F0D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F0D65
• HeapFree.KERNEL32(00000000), ref: 006F0D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 006F0D78
• HeapFree.KERNEL32(00000000), ref: 006F0D7F
  • Part of subcall function 006F1193: GetProcessHeap.KERNEL32(00000008,006F0BB1,?,00000000,?,006F0BB1,?), ref: 006F11A1
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006F0BB1,?), ref: 006F11A8
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006F0BB1,?), ref: 006F11B7
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 12b9aea40d04f8d356170fba7b51ae7e5be198be33ed885b61852ec855f460fa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 11028cb6ce2aaffd0d9643b56f688ee239b080d3e09f039a429a2ec36c1d71d9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12b9aea40d04f8d356170fba7b51ae7e5be198be33ed885b61852ec855f460fa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86715D7590020EABEF21DFA4DC46FFEBBBABF18300F148515EA14A6291D775A905CB60
APIs
• OpenClipboard.USER32(0072CC08), ref: 0070EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0070EB37
• GetClipboardData.USER32(0000000D), ref: 0070EB43
• CloseClipboard.USER32 ref: 0070EB4F
• GlobalLock.KERNEL32(00000000), ref: 0070EB87
• CloseClipboard.USER32 ref: 0070EB91
• GlobalUnlock.KERNEL32(00000000), ref: 0070EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 0070EBC9
• GetClipboardData.USER32(00000001), ref: 0070EBD1
• GlobalLock.KERNEL32(00000000), ref: 0070EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 0070EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 0070EC38
• GetClipboardData.USER32(0000000F), ref: 0070EC44
• GlobalLock.KERNEL32(00000000), ref: 0070EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 0070EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0070EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 0070ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 0070ECF3
• CountClipboardFormats.USER32 ref: 0070ED14
• CloseClipboard.USER32 ref: 0070ED59
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 03794cfd076edd5340dede39f47f481f4901104be6eef9bb4d49a36c93ef0d11
• Instruction ID: fb2becc77c9d40e6f56899be2a8e03aa824629ba27c284a53910b912fa7aa063
• Opcode Fuzzy Hash: 03794cfd076edd5340dede39f47f481f4901104be6eef9bb4d49a36c93ef0d11
• Instruction Fuzzy Hash: 8261DE70204201DFD711EF24D894F2A77E9EF94704F048A1DF456872E1CB39E906CBA6
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 007069BE
• FindClose.KERNEL32(00000000), ref: 00706A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00706A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00706A75
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00706AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00706ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3830820486-3289030164
APIs
• FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00709663
• GetFileAttributesW.KERNEL32(?), ref: 007096A1
• SetFileAttributesW.KERNEL32(?,?), ref: 007096BB
• FindNextFileW.KERNEL32(00000000,?), ref: 007096D3
• FindClose.KERNEL32(00000000), ref: 007096DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 007096FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 0070974A
• SetCurrentDirectoryW.KERNEL32(00756B7C), ref: 00709768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00709772
• FindClose.KERNEL32(00000000), ref: 0070977F
• FindClose.KERNEL32(00000000), ref: 0070978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
APIs
• FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 007097BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00709819
• FindClose.KERNEL32(00000000), ref: 00709824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00709840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00709890
• SetCurrentDirectoryW.KERNEL32(00756B7C), ref: 007098AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 007098B8
• FindClose.KERNEL32(00000000), ref: 007098C5
• FindClose.KERNEL32(00000000), ref: 007098D5
  • Part of subcall function 006FDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 006FDB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
APIs
  • Part of subcall function 00693AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00693A97,?,?,00692E7F,?,?,?,00000000), ref: 00693AC2
  • Part of subcall function 006FE199: GetFileAttributesW.KERNEL32(?,006FCF95), ref: 006FE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006FD122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 006FD1DD
• MoveFileW.KERNEL32(?,?), ref: 006FD1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006FD20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006FD237
  • Part of subcall function 006FD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,006FD21C,?,?), ref: 006FD2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 006FD253
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 006FD264
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dc002378ede833a16e02ec9d63fb5a457468e947cc00e0f48df15d9b8c5a03c7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ca55af802d7e4eb4b70f0206d11ee70eecc0abda6546341818c6b35cae36c945
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc002378ede833a16e02ec9d63fb5a457468e947cc00e0f48df15d9b8c5a03c7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51615C3180111DAACF55EBE4CA929FDB7BBAF15300F20816DE50277291EB316F09CBA5
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 5e6cb1e19eb2cc9b20ca77e6df433707c14a9b3b95ea6d34bbfd24ed3e3aae0e
• Instruction ID: 09aeb4094f2c16c45068aee31641b9c8fa78941664ce1900116a7a79e20721f4
• Opcode Fuzzy Hash: 5e6cb1e19eb2cc9b20ca77e6df433707c14a9b3b95ea6d34bbfd24ed3e3aae0e
• Instruction Fuzzy Hash: 6C419C35204611EFE721DF15D888B19BBE5FF54328F14C59DE41A8BAA2C739EC42CB94
APIs
  • Part of subcall function 006F16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006F170D
  • Part of subcall function 006F16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006F173A
  • Part of subcall function 006F16C3: GetLastError.KERNEL32 ref: 006F174A
• ExitWindowsEx.USER32(?,00000000), ref: 006FE932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: bcb8ae8edb9915417772ac4116d389b76e408e3ab86294e64df405d2d506e96b
• Instruction ID: 539ff7edb27a2485528771f12158c502a2a9bc2e25fc88939ef5a35cfd406b4a
• Opcode Fuzzy Hash: bcb8ae8edb9915417772ac4116d389b76e408e3ab86294e64df405d2d506e96b
• Instruction Fuzzy Hash: 5E017632610218ABEB6427B89C86FFF369EAB14341F144421FE02E21E1DAE65C4081F8
APIs
• socket.WSOCK32(00000002,00000001,00000006), ref: 00711276
• WSAGetLastError.WSOCK32 ref: 00711283
• bind.WSOCK32(00000000,?,00000010), ref: 007112BA
• WSAGetLastError.WSOCK32 ref: 007112C5
• closesocket.WSOCK32(00000000), ref: 007112F4
• listen.WSOCK32(00000000,00000005), ref: 00711303
• WSAGetLastError.WSOCK32 ref: 0071130D
• closesocket.WSOCK32(00000000), ref: 0071133C
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 540024437-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6723f249efd387329bc3d58883d3e525bf39b5515c18d95415db94359fd8f671
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a6ed51f2ba927f544fa75b7e19cfbd83ae097f2ee6ad8b426538bd26589803c0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6723f249efd387329bc3d58883d3e525bf39b5515c18d95415db94359fd8f671
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C4192316001409FD720DF28C488B69BBE6BF46318F58C198D9569F2D6C779ED82CBE1
APIs
• _free.LIBCMT ref: 006CB9D4
• _free.LIBCMT ref: 006CB9F8
• _free.LIBCMT ref: 006CBB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00733700), ref: 006CBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0076121C,000000FF,00000000,0000003F,00000000,?,?), ref: 006CBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00761270,000000FF,?,0000003F,00000000,?), ref: 006CBC36
• _free.LIBCMT ref: 006CBD4B
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 9fb07fa50fa11679ba9d460c8d1c4053fdcd9baebed481779f9520130ebe2ebb
• Instruction ID: 5848f54907671d5dafb977fc2c850e31caf5f3607006053e90c6763145a85d56
• Opcode Fuzzy Hash: 9fb07fa50fa11679ba9d460c8d1c4053fdcd9baebed481779f9520130ebe2ebb
• Instruction Fuzzy Hash: F3C12671A04245AFCB20AF798C52FFA7BAAEF41310F18619EE495D7351EB309E41CB58
APIs
  • Part of subcall function 00693AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00693A97,?,?,00692E7F,?,?,?,00000000), ref: 00693AC2
  • Part of subcall function 006FE199: GetFileAttributesW.KERNEL32(?,006FCF95), ref: 006FE19A
• FindFirstFileW.KERNEL32(?,?), ref: 006FD420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 006FD470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 006FD481
• FindClose.KERNEL32(00000000), ref: 006FD498
• FindClose.KERNEL32(00000000), ref: 006FD4A1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: c728172cba51aceaf3a0ef20c3a95e8a1a69d97a8fd620f398117c5a0a05b57b
• Instruction ID: 79fb202d6a3ad2c6c1b344e411beed62ff898db4ae9edff956c2d33673b4d5db
• Opcode Fuzzy Hash: c728172cba51aceaf3a0ef20c3a95e8a1a69d97a8fd620f398117c5a0a05b57b
• Instruction Fuzzy Hash: 3F319E310083459BC755EF64C8918BFB7EEBEA1304F408E1DF5D593291EB20AA09D7AB
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 98f14f5be4536ab705732abfec5539e5a116dfa3fe8e39cb6063b3c6dad28692
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2bcdf9bccea628fbe882d9bd101aa69e05111ba5ef73f7fadada9d2e8f8f8fe0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98f14f5be4536ab705732abfec5539e5a116dfa3fe8e39cb6063b3c6dad28692
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0C22972E046288FDB65CF289D40BEAB7B6EB48315F1441EED44DE7241E779AE818F40
APIs
• _wcslen.LIBCMT ref: 007064DC
• CoInitialize.OLE32(00000000), ref: 00706639
• CoCreateInstance.OLE32(0072FCF8,00000000,00000001,0072FB68,?), ref: 00706650
• CoUninitialize.OLE32 ref: 007068D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 84fa8d138c3da964ccf4d3d597bf3696ecea4e6ad7e108126bc84600525db0b2
• Instruction ID: 4545fa7c05312c239bb20720eb8dace52bd08c32378956a9bb784aa7733be077
• Opcode Fuzzy Hash: 84fa8d138c3da964ccf4d3d597bf3696ecea4e6ad7e108126bc84600525db0b2
• Instruction Fuzzy Hash: 86D15871508301AFC754EF24C89196BB7E9FF98314F00496DF5958B2A1EB70ED09CBA2
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 007122E8
  • Part of subcall function 0070E4EC: GetWindowRect.USER32(?,?), ref: 0070E504
• GetDesktopWindow.USER32 ref: 00712312
• GetWindowRect.USER32(00000000), ref: 00712319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00712355
• GetCursorPos.USER32(?), ref: 00712381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 007123DF
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 016233e9238a3932804a1feeaa9cbfe559efb72a1bc144b1cec542da31a4fddf
• Instruction ID: 4c556154c771f040879b9515a76eac44975b96ceb52bb3436c807e884e47b1fc
• Opcode Fuzzy Hash: 016233e9238a3932804a1feeaa9cbfe559efb72a1bc144b1cec542da31a4fddf
• Instruction Fuzzy Hash: B0310272104305AFC720DF18C848B9BBBAAFF84310F00091DF99497192DB38EA5ACB96
APIs
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00709B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00709C8B
  • Part of subcall function 00703874: GetInputState.USER32 ref: 007038CB
  • Part of subcall function 00703874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00703966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00709BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00709C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: dd2322abf656d3a93d35d091c11593d7c72fe6a790db28824dd8ce664f8a01fc
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6ffc2f678ef3624f78512e2cceceeb968ac0bb643a339ecaab18e446892a28ca
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd2322abf656d3a93d35d091c11593d7c72fe6a790db28824dd8ce664f8a01fc
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23417EB190020ADFDF55DF64C945AEEBBF9EF15310F20825AE905A21D2EB349E84CF64
APIs
  • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 006A9A4E
• GetSysColor.USER32(0000000F), ref: 006A9B23
• SetBkColor.GDI32(?,00000000), ref: 006A9B36
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: ff3a058a3ba86f8e54b67ded3b9838e17f85629155ecb5c84c7200c0f7682fb6
• Instruction ID: 09f61aaea490def362eec30b3953cc2087fbbacd62f4310e721bfd871f481464
• Opcode Fuzzy Hash: ff3a058a3ba86f8e54b67ded3b9838e17f85629155ecb5c84c7200c0f7682fb6
• Instruction Fuzzy Hash: 37A12B70109694FEE729BA2D9C4DEFB26DFDB43300F38410AF602C6795CA299D02DA75
APIs
  • Part of subcall function 0071304E: inet_addr.WSOCK32(?), ref: 0071307A
  • Part of subcall function 0071304E: _wcslen.LIBCMT ref: 0071309B
• socket.WSOCK32(00000002,00000002,00000011), ref: 0071185D
• WSAGetLastError.WSOCK32 ref: 00711884
• bind.WSOCK32(00000000,?,00000010), ref: 007118DB
• WSAGetLastError.WSOCK32 ref: 007118E6
• closesocket.WSOCK32(00000000), ref: 00711915
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 5ee9da632f6465c646a1bf58e794cccaff6a5179a32f402d51697013b7dfc033
• Instruction ID: 3f819203d8d7dec1ebc1866d23b3ade86036a2ed023326eeacb256c66691508e
• Opcode Fuzzy Hash: 5ee9da632f6465c646a1bf58e794cccaff6a5179a32f402d51697013b7dfc033
• Instruction Fuzzy Hash: 4751C471A002009FEB50AF24C886F6A77EAAF49728F44C05CF9155F3D3D775AD418BA5
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: a42c34a18354cec36e651ee2a88b31a3ae6dbfb36f053ad62cb7f49fb08bdadf
• Instruction ID: b32223b14e2ce42d12c4139765af21a747c762e261c877a6d7c29bbb71697c9e
• Opcode Fuzzy Hash: a42c34a18354cec36e651ee2a88b31a3ae6dbfb36f053ad62cb7f49fb08bdadf
• Instruction Fuzzy Hash: F221E7357402209FD7218F1AE844B2A7BE5FFA5324F99806CE845CB351D779ED82CBA4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e22446e42ffb9c04c72a4ccae9eb21366e1b00bf4a089df0a2140431c64fb69b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6c2129376d13b00e7a5eb49c3408164855e30b435bacbb1bc071f3d25e314bd7
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e22446e42ffb9c04c72a4ccae9eb21366e1b00bf4a089df0a2140431c64fb69b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7A25B71E0061ACFDF24CF58C9407EDB7B7AB55310F2481AAE816AB785DB749E81CB90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 006F82AA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ($tbu$|
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-2585780264
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 283e9d76799dccf0b44b6d55c860a25663826c36aab50d1b1b865c9fbf7a95ec
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 656c980805f8576c63aadb585dc8a7ffc288e2ac39046acf37a191e0bc8e98c6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 283e9d76799dccf0b44b6d55c860a25663826c36aab50d1b1b865c9fbf7a95ec
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 99324775A007059FCB28CF59C081AAAB7F1FF48710B15C5AEE59ADB3A1EB70E941CB44
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 006FAAAC
                                                                                                                                                                                                                                                                                                                                                                      • SetKeyboardState.USER32(00000080), ref: 006FAAC8
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 006FAB36
                                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 006FAB88
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: da1e5e967492a6f9abfa60ac1c58109c15c990a0b600bc982599d40876d361c4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9cc02464a72552eaa0d09323545629627dd59d29dacbf060d5eee213be7154a0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: da1e5e967492a6f9abfa60ac1c58109c15c990a0b600bc982599d40876d361c4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0C3118B0A4020CAFFB358BA4CC05BFA7BA7AF45310F04821AF2C9562D0D3748986C766
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,?,00000400,?), ref: 0070CE89
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000), ref: 0070CEEA
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000), ref: 0070CEFE
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: ea39352ba5e06cbf3e52c3d1cd12b9fa9f8c24c1e18ba1fdb61f35b4c59a1294
• Instruction ID: 21cfddd3fa41034e9cb6ea7d27740671ecedd182b7132004b56f65e69d953749
• Opcode Fuzzy Hash: ea39352ba5e06cbf3e52c3d1cd12b9fa9f8c24c1e18ba1fdb61f35b4c59a1294
• Instruction Fuzzy Hash: 2421CFB2500705DBE732CF65C988BAB77FCEB10318F20862EE646D2191E778EE458B54
APIs
• IsDebuggerPresent.KERNEL32 ref: 006C271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006C2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 006C2731
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: bcfc1978252150d811d364fa7d2e5696a28a8302d4adb6fe6d5054691debd012
• Instruction ID: 356025dcf5ee036f4ad061ed8588fddd50e1fb9fd25e775b7b3319b405385865
• Opcode Fuzzy Hash: bcfc1978252150d811d364fa7d2e5696a28a8302d4adb6fe6d5054691debd012
• Instruction Fuzzy Hash: E831C4749012199BCB61DF64DC88BDDBBB9EF08310F5081EAE81CA6261E7749F818F59
APIs
• SetErrorMode.KERNEL32(00000001), ref: 007051DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00705238
• SetErrorMode.KERNEL32(00000000), ref: 007052A1
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 86cf5716d7375c4170dac7aab975747c5a736c484b563a1c420f58022562b635
• Instruction ID: 01b58db539a95d91ee9ac03558e38188c23ba874c48e22986a326f2b9e09378e
• Opcode Fuzzy Hash: 86cf5716d7375c4170dac7aab975747c5a736c484b563a1c420f58022562b635
• Instruction Fuzzy Hash: A5318E75A00508DFDB00DF54D885EAEBBF5FF48314F088099E805AB3A2DB35E856CB94
APIs
  • Part of subcall function 006AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 006B0668
  • Part of subcall function 006AFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 006B0685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 006F170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 006F173A
• GetLastError.KERNEL32 ref: 006F174A
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: b80a5cc97410a665f8671ba66dec42966fc1ca064694322aa1d0db4e0a9b614c
• Instruction ID: 68dd77a21b33dcfcfe3f39a4d0844e3b8d019afa498842ca6fcc7bbbe2e2543f
• Opcode Fuzzy Hash: b80a5cc97410a665f8671ba66dec42966fc1ca064694322aa1d0db4e0a9b614c
• Instruction Fuzzy Hash: F01191B2404308EFE728AF54DC86D6AB7FAEF45754B20852EE05657241EB70BC428F64
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006FD608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 006FD645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 006FD650
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 33631002-0
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 006F168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 006F16A1
• FreeSid.ADVAPI32(?), ref: 006F16B1
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
Strings
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
Similarity
• API ID:
• String ID:
• API String ID:
Strings
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Variable is not of type 'Object'.$p#v
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3904201508
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1fd1df7d2ce4669b9baaa7b795e598ba480614750375367842c26d2849e80520
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 156211f45aaab4f7f644615aeb3a1400a956e88e750ff5825ace1a818fd3573b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1fd1df7d2ce4669b9baaa7b795e598ba480614750375367842c26d2849e80520
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EA32BE70900208DBDF14DF94C995AEDB7BBFF05314F248069E806AB782D775AE4ACB60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 00706918
                                                                                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00706961
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d8bc3d2bacb8084cc4400c9d430ec7ee8895c99f0666aa96f553ecce04cf0945
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d1ec8c4c9b5abe66bd17e4aaed29f7d8933a0ccc76c65edd21d932f4fbfb4734
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d8bc3d2bacb8084cc4400c9d430ec7ee8895c99f0666aa96f553ecce04cf0945
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6118E71614201DFD710DF29D484A1ABBE5FF85328F14C69DE4698F6A2CB34EC05CB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00714891,?,?,00000035,?), ref: 007037E4
                                                                                                                                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00714891,?,?,00000035,?), ref: 007037F4
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 95243730a2cdd07174517cf98bd4341c0ae5683f58cf45d2a72d287933bcb082
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 14246ca6120bd168b1b8d6d55f2e6252f2623a2c073a8e6b41e04f8350660ae2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95243730a2cdd07174517cf98bd4341c0ae5683f58cf45d2a72d287933bcb082
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1F0EC706042146AE76057658C4DFEB36EEEFC5765F004365F505D22C1D9705904C6B4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 006FB25D
                                                                                                                                                                                                                                                                                                                                                                      • keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 006FB270
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 637b8daf177352107611ce364b556031de066e2331a7926ebc61c0999dd71565
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ea7d1d296ab6368d72d3fc88f55e5c3be3cef620c79fe49f479c55faf0a9e863
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 637b8daf177352107611ce364b556031de066e2331a7926ebc61c0999dd71565
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EBF01D7180424DABDF159FA1C805BFE7BB5FF05305F109009FA55A5191C37DC6129F94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,006F11FC), ref: 006F10D4
• CloseHandle.KERNEL32(?,?,006F11FC), ref: 006F10E9
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 15fda57cf723be851d5af47cad92af59ebbffacd7482b0da1226c57b2c0cb05e
• Instruction ID: 53f9c911518fc7c3b74d0664e1d4ce9cbb810f216b2b84dbbd50ecc51f69fb93
• Opcode Fuzzy Hash: 15fda57cf723be851d5af47cad92af59ebbffacd7482b0da1226c57b2c0cb05e
• Instruction Fuzzy Hash: FDE04F32004600EEE7362B61FC05E7777EAEF05320B20C82DF5A5804B1DB626CA1DB58
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,006C6766,?,?,00000008,?,?,006CFEFE,00000000), ref: 006C6998
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
• Opcode ID: f7998deb7962eb0795ec65a05b01a94ebf31e76e7c528b0ab6bab835819c1da7
• Instruction ID: b81beae01f0dc4ec8ccdda4e0c3980a91fc31de35b4df22b10e07522e07b58d2
• Opcode Fuzzy Hash: f7998deb7962eb0795ec65a05b01a94ebf31e76e7c528b0ab6bab835819c1da7
• Instruction Fuzzy Hash: 04B148316106099FD719CF28C48ABA57BA1FF45364F25865CF89ACF2A2C335E982CB44
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: df206149fc5bdd7564c19625958d91c249aa9fbe39948d683de87b4772d190c1
• Instruction ID: 0a9af54d0eac6e3dc7e553f1f87147f6dbc9f250b610546d7af260605dc842b5
• Opcode Fuzzy Hash: df206149fc5bdd7564c19625958d91c249aa9fbe39948d683de87b4772d190c1
• Instruction Fuzzy Hash: 09124E719002299FCB14DF59C8816EEB7F6FF49710F14819AE849EB256DB349E81CF90
APIs
• BlockInput.USER32(00000001), ref: 0070EABD
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: 4051ae0bfff2df2fbe76f740011b8def0d32c2261cf21dd1b818da14cbd170be
• Instruction ID: c8390b7fbfdbcf187a6370d915eb1c61fb091f6adc1a806fce416d746ef3d7cd
• Opcode Fuzzy Hash: 4051ae0bfff2df2fbe76f740011b8def0d32c2261cf21dd1b818da14cbd170be
• Instruction Fuzzy Hash: 93E01A722002049FC710EF59D804E9AB7EDAF98770F00C41AFC49C72A1DA74A8418BA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,006B03EE), ref: 006B09DA
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7374ee891d052eb05e58593886dd1ac08d684e9181785b6508e1b9144663053f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 921470377fc04f9cb7e39a5916673a584139866cf678670e315b4bdd519a8326
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7374ee891d052eb05e58593886dd1ac08d684e9181785b6508e1b9144663053f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D9320631A053958BDF28DB2EC4946FD77A3EB46330F28856AD45A8B391D234ED83DB40
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 689e0659464e1cfa40cd2394e03ec14ae22297c948844e7274ca7ecd0b02d87d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 748e6ce67d7c0232eb00be39c544be1041c7ff1db1b5ff80798583bcca27b2f4
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 689e0659464e1cfa40cd2394e03ec14ae22297c948844e7274ca7ecd0b02d87d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A229DB0E006099FDF14DFA4D881AEEB7F6FF44300F10452AE812A7B91EB35A955CB55
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: afaeeedc74e54104ed2bb7109e18b6d6c6a5d81564d9faaadd2bdb0df6665701
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f0e75ce7e53752e21d217c27b30f1770d0646d480dbc4c183d64d1b791f6ad2a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: afaeeedc74e54104ed2bb7109e18b6d6c6a5d81564d9faaadd2bdb0df6665701
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F602B7B0E1020AEBDF05EF54D981AADB7B6FF44300F108169E8169B391EB35EE51CB95
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e5753145b28762973e0941c9b6560faaf1890d0c63750d5936bd0a0727820c26
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 529177B25080E35ADB29463A85740FEFFE25E533A135A079DD4F2CE2C5EE24C9A5D720
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: 70537054bd9abba08dc887cdcc32c6d8ed371ee0318b0804c53ab64df1bab6e6
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: 319193B22090E35ADB29427A85740FEFFE25A933A135A079DD4F2CE2C5FE14D6949720
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b412ac3842d0ae174739f8b4bfbe9f301afbc1c971f39119b209bfa852e681a1
• Instruction ID: 2953ce12247dea54327bfcf7523d13ab7504dccfdc65e184f4214c5075e88cc4
• Opcode Fuzzy Hash: b412ac3842d0ae174739f8b4bfbe9f301afbc1c971f39119b209bfa852e681a1
• Instruction Fuzzy Hash: 226158F12087096ADEB49E288D95BFE239BDFD1700F14091DE842DB3C2DA119EC2CB59
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: 2fd6ad075724e625acec9851bc6190df081b7cfc9a9c2ea8242e7e4e0ebbe14e
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 098154B25090E35ADB69463985344FEFFE36A933A135A07ADD4F2CF2C1EE148694D720
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5c1d3a33ca4e59eff57b3d421cfd475d0c62b7ae7bd5639fc733f52a59db0df8
• Instruction ID: 88689855e2b60b7c547d3a1335c22db95b7220f2d4b6e2323a44ce70b648fd5e
• Opcode Fuzzy Hash: 5c1d3a33ca4e59eff57b3d421cfd475d0c62b7ae7bd5639fc733f52a59db0df8
• Instruction Fuzzy Hash: E951046544EBC94FD3169F708A1B145FFB0BEA2910308CA8FC9E746696CF60B20EE745
APIs
• DeleteObject.GDI32(00000000), ref: 00712B30
• DeleteObject.GDI32(00000000), ref: 00712B43
• DestroyWindow.USER32 ref: 00712B52
• GetDesktopWindow.USER32 ref: 00712B6D
• GetWindowRect.USER32(00000000), ref: 00712B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00712CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00712CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712CF8
• GetClientRect.USER32(00000000,?), ref: 00712D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00712D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712D80
• GlobalLock.KERNEL32(00000000), ref: 00712D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712D98
• GlobalUnlock.KERNEL32(00000000), ref: 00712DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712DA8
• GlobalFree.KERNEL32(00000000), ref: 00712DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0072FC38,00000000), ref: 00712DDB
• GlobalFree.KERNEL32(00000000), ref: 00712DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00712E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00712E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00712E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0071303F
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                      • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2a9c0c8a9b786990d8376d079c87e9cf2ef9b0f81458a4bbeb664e1a4c08d7ac
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 75138f8d26e992cbae0efce95791fb9cb11e1f06928e8d41733d5f9bdf094cdb
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a9c0c8a9b786990d8376d079c87e9cf2ef9b0f81458a4bbeb664e1a4c08d7ac
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE026E71500204EFDB25DF68CD89EAE7BB9EF48710F048158F915AB2A1DB78ED42CB64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 0072712F
                                                                                                                                                                                                                                                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00727160
                                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 0072716C
                                                                                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,000000FF), ref: 00727186
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,?), ref: 00727195
                                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 007271C0
                                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000010), ref: 007271C8
                                                                                                                                                                                                                                                                                                                                                                      • CreateSolidBrush.GDI32(00000000), ref: 007271CF
                                                                                                                                                                                                                                                                                                                                                                      • FrameRect.USER32(?,?,00000000), ref: 007271DE
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 007271E5
                                                                                                                                                                                                                                                                                                                                                                      • InflateRect.USER32(?,000000FE,000000FE), ref: 00727230
                                                                                                                                                                                                                                                                                                                                                                      • FillRect.USER32(?,?,?), ref: 00727262
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00727284
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: GetSysColor.USER32(00000012), ref: 00727421
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: SetTextColor.GDI32(?,?), ref: 00727425
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: GetSysColorBrush.USER32(0000000F), ref: 0072743B
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: GetSysColor.USER32(0000000F), ref: 00727446
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: GetSysColor.USER32(00000011), ref: 00727463
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: CreatePen.GDI32(00000000,00000001,rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr), ref: 00727471
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: SelectObject.GDI32(?,00000000), ref: 00727482
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: SetBkColor.GDI32(?,00000000), ref: 0072748B
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: SelectObject.GDI32(?,?), ref: 00727498
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: InflateRect.USER32(?,000000FF,000000FF), ref: 007274B7
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007274CE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 007273E8: GetWindowLongW.USER32(00000000,000000F0), ref: 007274DB
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 771e7e9881f48fac75ac325d65860b6f8b059d6debcc04d0d7f539ca0a7cea7b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e28b2cd642e99431c976a1c0ec9322a0d596dde269e637ca43c9b7fa3739e612
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 771e7e9881f48fac75ac325d65860b6f8b059d6debcc04d0d7f539ca0a7cea7b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63A1D172008311EFD7219F60DC49A5F7BE9FF88320F104A18F962961E1D778E915CB96
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?), ref: 006A8E14
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 006E6AC5
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 006E6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 006E6F43
• Part of subcall function 006A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,006A8BE8,?,00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006A8FC5
• SendMessageW.USER32(?,00001053), ref: 006E6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 006E6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 006E6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 006E6FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: f878fe3abea8798a5b102d2a0500f9a88f6dbff2f447dc1a2caca9f2cf23ecb8
• Instruction ID: 612bdb3f2d4acaa8e71b3d926156215d423ed6ace4871d79f0f2eab5a0a5e7d1
• Opcode Fuzzy Hash: f878fe3abea8798a5b102d2a0500f9a88f6dbff2f447dc1a2caca9f2cf23ecb8
• Instruction Fuzzy Hash: 4D12AC30206381DFDB25DF15C848BA9B7A2FF65340F688469F4858B261CB76EC52CF95
APIs
• GetSysColor.USER32(00000012), ref: 00727421
• SetTextColor.GDI32(?,?), ref: 00727425
• GetSysColorBrush.USER32(0000000F), ref: 0072743B
• GetSysColor.USER32(0000000F), ref: 00727446
• CreateSolidBrush.GDI32(?), ref: 0072744B
• GetSysColor.USER32(00000011), ref: 00727463
• CreatePen.GDI32(00000000,00000001,rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr), ref: 00727471
• SelectObject.GDI32(?,00000000), ref: 00727482
• SetBkColor.GDI32(?,00000000), ref: 0072748B
• SelectObject.GDI32(?,?), ref: 00727498
• InflateRect.USER32(?,000000FF,000000FF), ref: 007274B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007274CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 007274DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0072752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00727554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00727572
• DrawFocusRect.USER32(?,?), ref: 0072757D
• GetSysColor.USER32(00000011), ref: 0072758E
• SetTextColor.GDI32(?,00000000), ref: 00727596
• DrawTextW.USER32(?,007270F5,000000FF,?,00000000), ref: 007275A8
• SelectObject.GDI32(?,?), ref: 007275BF
• DeleteObject.GDI32(?), ref: 007275CA
• SelectObject.GDI32(?,?), ref: 007275D0
• DeleteObject.GDI32(?), ref: 007275D5
• SetTextColor.GDI32(?,?), ref: 007275DB
• SetBkColor.GDI32(?,?), ref: 007275E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID: rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
• API String ID: 1996641542-2575693504
• Opcode ID: 0d7c59c347b4a000195fc675db9bdb2fc0d8e516b385d237bcae30887ce03f53
• Instruction ID: 4d79fd49613b9dbc3e8a7cffb8ea3992959d85eaa7bf4febfccaea0048e4f217
• Opcode Fuzzy Hash: 0d7c59c347b4a000195fc675db9bdb2fc0d8e516b385d237bcae30887ce03f53
• Instruction Fuzzy Hash: F1618F72900228AFDF159FA4DC49EEEBFB9EF08320F108115F911AB2A1D7789951CF94
APIs
• DestroyWindow.USER32(00000000), ref: 0071273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0071286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 007128A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 007128B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00712900
• GetClientRect.USER32(00000000,?), ref: 0071290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00712955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00712964
• GetStockObject.GDI32(00000011), ref: 00712974
• SelectObject.GDI32(00000000,00000000), ref: 00712978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00712988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00712991
• DeleteDC.GDI32(00000000), ref: 0071299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007129C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 007129DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00712A1D
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00712A31
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 00712A42
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00712A77
                                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 00712A82
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00712A8D
                                                                                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00712A97
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 78b5877655ba38847d42d019f4f0d0393703fd691ae9df0fcbc973fb4c27de36
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 062733ad47e3bf3145053168ae9a2ee03538bf587858fb35f555a1e918f77e08
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78b5877655ba38847d42d019f4f0d0393703fd691ae9df0fcbc973fb4c27de36
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72B15EB1A00215AFEB24DF69DC4AEAE7BA9EB04710F048118F915E72D1D778ED41CB98
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00704AED
                                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,0072CB68,?,\\.\,0072CC08), ref: 00704BCA
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,0072CB68,?,\\.\,0072CC08), ref: 00704D36
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d05533288cb5265cf64d0bc51cea9a678b9f0bc1048e3818b7ffbadc9b5cf9a4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 05d2e7a513c6338bde89d07d214f3261a0bd7160040e4b9ed08424abb3f14e81
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d05533288cb5265cf64d0bc51cea9a678b9f0bc1048e3818b7ffbadc9b5cf9a4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A261F0F0300209EBDF04DF24CA929BE77F1AB04301B248619FA06AB6D1DA7DED45DB61
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00721128
                                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 0072113D
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00721144
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00721199
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 007211B9
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007211ED
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0072120B
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0072121D
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000421,?,?), ref: 00721232
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00721245
                                                                                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(00000000), ref: 007212A1
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 007212BC
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 007212D0
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 007212E8
                                                                                                                                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 0072130E
                                                                                                                                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 00721328
                                                                                                                                                                                                                                                                                                                                                                      • CopyRect.USER32(?,?), ref: 0072133F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000412,00000000), ref: 007213AA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f50fbb0b7eaa289ecd5f4857face8e288359c435f8048653795123a82ce1f765
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: bc1908e703347404155d7014ab30240451fe9b567b50d859f44e2c4a6f4a7ae1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f50fbb0b7eaa289ecd5f4857face8e288359c435f8048653795123a82ce1f765
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68B19B71604350AFDB10DF24D884B6EBBE9FF98300F40891CF9999B261C735E845CB96
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 007202E5
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0072031F
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00720389
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007203F1
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00720475
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 007204C5
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00720504
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006AF9F2: _wcslen.LIBCMT ref: 006AF9FD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 006F2258
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 006F228A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                      • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 44cb1254076e4253534021bf9cb1e5b46fe529dbe0fa97d8488bca70658543bf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0dbc3d50d995011e4409c9cb1817fbf825a61479ff7d5e3354a5a1017c8f03be
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44cb1254076e4253534021bf9cb1e5b46fe529dbe0fa97d8488bca70658543bf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0E1C1312082118FCB54EF24D55187AB3E6BF89314F14496CF8969B7A2DB38ED45CBA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 006A8968
                                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 006A8970
                                                                                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 006A899B
                                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 006A89A3
                                                                                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 006A89C8
                                                                                                                                                                                                                                                                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 006A89E5
                                                                                                                                                                                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 006A89F5
                                                                                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 006A8A28
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 006A8A3C
                                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 006A8A5A
                                                                                                                                                                                                                                                                                                                                                                      • GetStockObject.GDI32(00000011), ref: 006A8A76
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 006A8A81
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: GetCursorPos.USER32(?), ref: 006A9141
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: ScreenToClient.USER32(00000000,?), ref: 006A915E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: GetAsyncKeyState.USER32(00000001), ref: 006A9183
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: GetAsyncKeyState.USER32(00000002), ref: 006A919D
                                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,006A90FC), ref: 006A8AA8
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
• API String ID: 1458621304-248962490
• Opcode ID: 1a5d607b48eb045b03a1c826a054f41105e0108bd6f016d7e41f6b4ff9f1f951
• Instruction ID: 2da4cafb9e8dfcd3bdb6ed83b7b5578af909e67b370c12a8f6b2eadc07f99458
• Opcode Fuzzy Hash: 1a5d607b48eb045b03a1c826a054f41105e0108bd6f016d7e41f6b4ff9f1f951
• Instruction Fuzzy Hash: FFB17C71A002099FDF15DFA8CC49BAE3BB6FB58314F148129FA16A7290DB78E841CF55
APIs
  • Part of subcall function 006F10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006F1114
  • Part of subcall function 006F10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F1120
  • Part of subcall function 006F10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F112F
  • Part of subcall function 006F10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F1136
  • Part of subcall function 006F10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006F114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 006F0DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 006F0E29
• GetLengthSid.ADVAPI32(?), ref: 006F0E40
• GetAce.ADVAPI32(?,00000000,?), ref: 006F0E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 006F0E96
• GetLengthSid.ADVAPI32(?), ref: 006F0EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 006F0EB5
• HeapAlloc.KERNEL32(00000000), ref: 006F0EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 006F0EDD
• CopySid.ADVAPI32(00000000), ref: 006F0EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 006F0F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 006F0F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 006F0F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F0F6E
• HeapFree.KERNEL32(00000000), ref: 006F0F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F0F7E
• HeapFree.KERNEL32(00000000), ref: 006F0F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F0F8E
• HeapFree.KERNEL32(00000000), ref: 006F0F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 006F0FA1
• HeapFree.KERNEL32(00000000), ref: 006F0FA8
  • Part of subcall function 006F1193: GetProcessHeap.KERNEL32(00000008,006F0BB1,?,00000000,?,006F0BB1,?), ref: 006F11A1
  • Part of subcall function 006F1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,006F0BB1,?), ref: 006F11A8
  • Part of subcall function 006F1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,006F0BB1,?), ref: 006F11B7
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: 40435be999ae71b6a2062bcd1630e89f29bf6c151cf9b1034a903ed3d9cb314c
• Instruction ID: e94b0a8fa381e0590034ca75f99f86b8dbd1793d9d7e22d89d145f2894b4bd17
• Opcode Fuzzy Hash: 40435be999ae71b6a2062bcd1630e89f29bf6c151cf9b1034a903ed3d9cb314c
• Instruction Fuzzy Hash: A7717B7290120EEBEF219FA4DC45FFEBBB9BF04300F148115FA19A6292D7359906CB60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0071C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0072CC08,00000000,?,00000000,?,?), ref: 0071C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0071C5A4
• _wcslen.LIBCMT ref: 0071C5F4
• _wcslen.LIBCMT ref: 0071C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 0071C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 0071C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 0071C84D
• RegCloseKey.ADVAPI32(?), ref: 0071C881
• RegCloseKey.ADVAPI32(00000000), ref: 0071C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 0071C960
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: f3355d23e4ac9b05b6173c82471aeedb2677b07e70a317d2d1dd0c7c3dc3a888
• Instruction ID: a45be07bf041394dc8559662e4c84549c109211c00615e076ec8542f2fb4e7b1
• Opcode Fuzzy Hash: f3355d23e4ac9b05b6173c82471aeedb2677b07e70a317d2d1dd0c7c3dc3a888
• Instruction Fuzzy Hash: 82128D352082009FDB55DF18C881A6AB7E6FF88714F15885CF84A9B7A2DB35FC81CB85
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 007209C6
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00720A01
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00720A54
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00720A8A
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00720B06
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00720B81
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006AF9F2: _wcslen.LIBCMT ref: 006AF9FD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006F2BFA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                      • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b337bb1a9c470cb6886b99f34c2161d58324eaa076960adda6217ff3b2dc9f50
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0c07cafe8aefb54525e04b79985be0ed33d90551c8e9f13c43e4450427ae82c8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b337bb1a9c470cb6886b99f34c2161d58324eaa076960adda6217ff3b2dc9f50
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60E1BC712083118FCB54EF24D45096AB7E2BF98314F50895CF8969B7A2DB38ED49CBA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                      • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8351c35abd964e77825fe7edcf1317dc2e5265d2b2bf334b41b72912d052785d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6681ca5cf418fe0d0d4dec28addda81f0f3bec77e8f8d02555ca07f2dbef9a5d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8351c35abd964e77825fe7edcf1317dc2e5265d2b2bf334b41b72912d052785d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7971047268412A8BCB22DEFCD9415FF33A6AF60750B144528FC56A72C4EA38CDC4C3A4
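The function blocks above are machine-generated and repetitive, and an analyst normally wants them in a structured form to ask questions such as "which functions carry registry hive or REG_* type strings" or "which SendMessageW calls target a TreeView". The following Python parser is an added example, not part of the Joe Sandbox report or its tooling; it reads the block layout inferred from this page (the "APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin" and "Similarity" headings with their "•" bullets) and uses two blocks copied from the page as constructed sample input. The message names it resolves (TVM_GETCOUNT 0x1105, TVM_GETNEXTITEM 0x110A, STM_SETICON 0x0170, STM_SETIMAGE 0x0172) are standard Windows SDK constants, not something the report states; the report shows only the raw second argument of each call.

```python
# Added example, not Joe Sandbox code: parse the report's per-function blocks into records.
# Assumed layout (from this page): "APIs", "Strings", "Memory Dump Source",
# "Joe Sandbox IDA Plugin" and "Similarity" headings, each followed by "•" bullets.
import re
from dataclasses import dataclass, field

# Constructed sample: two blocks copied from the report above (the second has an empty APIs list there).
SAMPLE = """\
APIs
• CharUpperBuffW.USER32(?,?), ref: 007209C6
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00720A54
  • Part of subcall function 006AF9F2: _wcslen.LIBCMT ref: 006AF9FD
  • Part of subcall function 006F2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 006F2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• Opcode ID: b337bb1a9c470cb6886b99f34c2161d58324eaa076960adda6217ff3b2dc9f50
APIs
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• Opcode ID: 8351c35abd964e77825fe7edcf1317dc2e5265d2b2bf334b41b72912d052785d
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?(?P<name>\w+)\."
                    r"(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)$")
# Windows SDK message constants (TV_FIRST = 0x1100); the report shows only the raw value.
WIN32_MESSAGES = {0x1105: "TVM_GETCOUNT", 0x110A: "TVM_GETNEXTITEM",
                  0x0170: "STM_SETICON", 0x0172: "STM_SETIMAGE"}
REGISTRY_TOKENS = {"HKCC", "HKCR", "HKCU", "HKLM", "HKU", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG",
                   "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_USERS", "REG_BINARY",
                   "REG_DWORD", "REG_EXPAND_SZ", "REG_MULTI_SZ", "REG_QWORD", "REG_SZ"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple                 # "?" marks an argument the plugin could not resolve
    ref: int                    # call-site address
    subcall_of: "int | None"    # callee address for "Part of subcall function" entries

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    source_file: str = ""
    dump_base: "int | None" = None
    fields: dict = field(default_factory=dict)   # plugin and Similarity key/values

    def id_tokens(self, key):
        value = self.fields.get(key, "")         # "$"-joined, e.g. "HKCC$HKCR$..."
        return value.split("$") if value else []

def parse_blocks(text):
    records, rec, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            if line == "APIs":              # every function block opens with its APIs list
                rec = FunctionRecord()
                records.append(rec)
            section = line
            continue
        if rec is None:                     # tail of a block whose start is cut off
            continue
        item = line.lstrip("• ").strip()
        key, _, value = item.partition(": ")
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] is not None else ()
                rec.apis.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                                        int(m["sub"], 16) if m["sub"] else None))
        elif section == "Memory Dump Source" and key == "Source File":
            rec.source_file = value.split(",")[0]   # "<name>.sdmp, Offset: <hex>, based on PE: true"
            m = re.search(r"Offset: ([0-9A-Fa-f]+)", value)
            rec.dump_base = int(m[1], 16) if m else None
        elif section in ("Joe Sandbox IDA Plugin", "Similarity"):
            rec.fields[key] = value                 # "Strings" bullets (empty here) and "Associated" dumps are not kept
    return records

def decode_send_messages(rec):
    """(call site, message name or raw hex) for each SendMessageW with a constant message id."""
    out = []
    for c in rec.apis:
        if c.name == "SendMessageW" and len(c.args) > 1 and c.args[1] != "?":
            msg = int(c.args[1], 16)
            out.append((c.ref, WIN32_MESSAGES.get(msg, hex(msg))))
    return out

def registry_related(rec):
    """Registry hive or value-type strings in String ID, or a Registry* API in API ID."""
    return bool(set(rec.id_tokens("String ID")) & REGISTRY_TOKENS) or "Registry" in rec.fields.get("API ID", "")
```

Run over the sample, the first block decodes to TVM_GETCOUNT at 00720A54 and TVM_GETNEXTITEM in the 006F2BE8 subcall, which matches the CHECK/COLLAPSE/GETITEMCOUNT command strings in its String ID; the second block is flagged by `registry_related` on its hive names, and a record whose API ID contains ConnectCreateRegistry (as in the REG_* block at the top of this section) is flagged the same way. Feed it the whole report text and filter on these two predicates to shortlist the functions worth opening in the disassembler.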
APIs
• _wcslen.LIBCMT ref: 0072835A
• _wcslen.LIBCMT ref: 0072836E
• _wcslen.LIBCMT ref: 00728391
• _wcslen.LIBCMT ref: 007283B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007283F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00725BF2), ref: 0072844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00728487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 007284CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00728501
• FreeLibrary.KERNEL32(?), ref: 0072850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0072851D
• DestroyIcon.USER32(?,?,?,?,?,00725BF2), ref: 0072852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00728549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00728555
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
• Opcode ID: 6053c4a0307521b4e3e06e229f7f1a67179f93df9d8d6347b4f4fb659e14e0f8
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6e34740052434427d52d6d60ebe46e71a8c9f8a38b7e6813ff82f8352366ad9a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6053c4a0307521b4e3e06e229f7f1a67179f93df9d8d6347b4f4fb659e14e0f8
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5761D0B1500225BBEB64DF65DC41BFE77A8BF18B21F108609F815D60D1DF79AA90C7A0
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1645009161
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a553477487b81f403e1e284ce5ef1ac1fbd97fc7630b4557766319153391bfca
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 328a766a85de06bb03515088547cc7281fa6e737596c3570b763409b97f0bee5
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a553477487b81f403e1e284ce5ef1ac1fbd97fc7630b4557766319153391bfca
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A381E7B1A10605ABDF25AF60DC42FEE37AFAF15300F044029F805AB692EB70D955C7A5
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadIconW.USER32(00000063), ref: 006F5A2E
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006F5A40
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 006F5A57
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EA), ref: 006F5A6C
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 006F5A72
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 006F5A82
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 006F5A88
                                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006F5AA9
                                                                                                                                                                                                                                                                                                                                                                      • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006F5AC3
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 006F5ACC
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006F5B33
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 006F5B6F
                                                                                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 006F5B75
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 006F5B7C
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 006F5BD3
                                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 006F5BE0
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000005,00000000,?), ref: 006F5C05
                                                                                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 006F5C2F
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3677c1a8b3ab8090e5f0775f1a6c38b941a0da11bcd138fd7b9b4a990f69c074
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d10e1d925279dc6e8ecf0abe132a33d2a873efab4a5ccaa808ff739bf6861875
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3677c1a8b3ab8090e5f0775f1a6c38b941a0da11bcd138fd7b9b4a990f69c074
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3716D31900B09AFDB21DFA8CE85AAEBBF6FF48704F104518E643A26A0D775ED45CB54
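The API trace for the function above only shows raw message IDs (00000080, 000000CC, 000000C5, 00000005), which hides the interesting part of what this dialog-setup routine does. The script below is an added example, not Joe Sandbox code and not part of the sample: it parses trace lines in the report's "Api.Module(args), ref: addr" format and resolves the message-ID argument of SendMessage/PostMessage/SendDlgItemMessage against constants from the Windows SDK winuser.h (0x0080 is WM_SETICON, 0x00CC is EM_SETPASSWORDCHAR, 0x00C5 is EM_LIMITTEXT, 0x0005 is WM_SIZE). The embedded sample input is the trace listed above, copied verbatim. The reading that the routine builds a masked-input edit control (dialog item 0x3E9 receives EM_SETPASSWORDCHAR followed by EM_LIMITTEXT) is an analyst interpretation consistent with the trace, not a finding stated by the report; the control-ID numbering is taken from the trace, not from AutoIt documentation.

```python
"""Annotate a Joe Sandbox USER32 API trace with Win32 message names.

Added example for reading dialog-setup routines in sandbox reports; it is not
part of the Joe Sandbox report or of the analysed sample.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Win32 window / edit-control message IDs from the Windows SDK (winuser.h).
MESSAGE_NAMES = {
    0x0005: "WM_SIZE",
    0x000C: "WM_SETTEXT",
    0x000D: "WM_GETTEXT",
    0x0080: "WM_SETICON",
    0x00B1: "EM_SETSEL",
    0x00C5: "EM_LIMITTEXT",
    0x00CC: "EM_SETPASSWORDCHAR",
    0x0111: "WM_COMMAND",
}

# Zero-based position of the message-ID argument for each message-sending API:
# SendMessage(hWnd, Msg, ...) vs SendDlgItemMessage(hDlg, nIDDlgItem, Msg, ...).
MSG_ARG_INDEX = {
    "SendMessageW": 1, "SendMessageA": 1,
    "PostMessageW": 1, "PostMessageA": 1,
    "SendDlgItemMessageW": 2, "SendDlgItemMessageA": 2,
}

# One trace line: "<Api>.<Module>(<args>), ref: <addr>". Arguments are hex, or "?"
# where the sandbox could not resolve a value; calls without arguments omit the
# parentheses entirely (e.g. "GetDesktopWindow.USER32 ref: 006F5B75").
LINE_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Trace copied from the report entry above (not constructed).
SAMPLE_TRACE = """
LoadIconW.USER32(00000063), ref: 006F5A2E
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 006F5A40
SetWindowTextW.USER32(?,?), ref: 006F5A57
GetDlgItem.USER32(?,000003EA), ref: 006F5A6C
SetWindowTextW.USER32(00000000,?), ref: 006F5A72
GetDlgItem.USER32(?,000003E9), ref: 006F5A82
SetWindowTextW.USER32(00000000,?), ref: 006F5A88
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 006F5AA9
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 006F5AC3
GetWindowRect.USER32(?,?), ref: 006F5ACC
_wcslen.LIBCMT ref: 006F5B33
SetWindowTextW.USER32(?,?), ref: 006F5B6F
GetDesktopWindow.USER32 ref: 006F5B75
GetWindowRect.USER32(00000000), ref: 006F5B7C
MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 006F5BD3
GetClientRect.USER32(?,?), ref: 006F5BE0
PostMessageW.USER32(?,00000005,00000000,?), ref: 006F5C05
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 006F5C2F
"""


@dataclass
class ApiCall:
    api: str
    module: str
    args: list            # int for resolved values, None for "?"
    ref: str              # call-site address as printed in the report
    message: Optional[str] = None  # resolved message name, if this call sends one


def parse_trace(text: str) -> list:
    """Parse report trace lines into ApiCall objects, resolving message IDs."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines and section headings such as "APIs"
        raw = m.group("args")
        args = []
        if raw:
            for tok in raw.split(","):
                tok = tok.strip()
                args.append(None if tok == "?" else int(tok, 16))
        call = ApiCall(m.group("api"), m.group("module"), args, m.group("ref"))
        idx = MSG_ARG_INDEX.get(call.api)
        if idx is not None and idx < len(args) and args[idx] is not None:
            call.message = MESSAGE_NAMES.get(args[idx], f"0x{args[idx]:04X}")
        calls.append(call)
    return calls


def annotate(text: str) -> list:
    """Return 'ref api -> MESSAGE' strings so the trace reads as a dialog script."""
    out = []
    for c in parse_trace(text):
        tag = f" -> {c.message}" if c.message else ""
        out.append(f"{c.ref} {c.api}{tag}")
    return out


def password_edit_controls(text: str) -> list:
    """(ref, dialog item id) for every EM_SETPASSWORDCHAR sent via SendDlgItemMessage."""
    hits = []
    for c in parse_trace(text):
        if c.message == "EM_SETPASSWORDCHAR" and c.api.startswith("SendDlgItemMessage"):
            hits.append((c.ref, c.args[1]))
    return hits


if __name__ == "__main__":
    for line in annotate(SAMPLE_TRACE):
        print(line)
    print("masked edit controls:", password_edit_controls(SAMPLE_TRACE))
```

Run as a script it prints the annotated trace; the same functions take any "APIs" block pasted from a report, so the check for EM_SETPASSWORDCHAR can be applied to every listed function when triaging a sample flagged for credential theft.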
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT$[u
• API String ID: 176396367-3226587853
• Opcode ID: 32cf3005a0ac88dffcdb6692c323ec438cad7e5122d833f54d3ccd1e40d54c4e
• Instruction ID: 274fc0e0b3514cd9ee0afc320487084a178addae7504337b0779215bda708ead
• Opcode Fuzzy Hash: 32cf3005a0ac88dffcdb6692c323ec438cad7e5122d833f54d3ccd1e40d54c4e
• Instruction Fuzzy Hash: A2E1D672A0053A9BCB14DFB8C4516FEBBB6BF54710F548129EA56A7340DB30AF8587A0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 006B00C6
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0076070C,00000FA0,CE9C3600,?,?,?,?,006D23B3,000000FF), ref: 006B011C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,006D23B3,000000FF), ref: 006B0127
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,006D23B3,000000FF), ref: 006B0138
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 006B014E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 006B015C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 006B016A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006B0195
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 006B01A0
                                                                                                                                                                                                                                                                                                                                                                      • ___scrt_fastfail.LIBCMT ref: 006B00E7
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00A3: __onexit.LIBCMT ref: 006B00A9
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      • InitializeConditionVariable, xrefs: 006B0148
                                                                                                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS, xrefs: 006B0154
                                                                                                                                                                                                                                                                                                                                                                      • kernel32.dll, xrefs: 006B0133
                                                                                                                                                                                                                                                                                                                                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 006B0122
                                                                                                                                                                                                                                                                                                                                                                      • WakeAllConditionVariable, xrefs: 006B0162
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                      • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c080847c4be49647c2882e8c8268bec3d5e7a6c6a97cb8e2b7dbea4087448019
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: db65b097129fdc0d1530c3c47ddb291e150e3ddb716218cfdb05d777a89f8636
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c080847c4be49647c2882e8c8268bec3d5e7a6c6a97cb8e2b7dbea4087448019
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E212CF2A407106BF7256BB4AC06BAF37A5EB15B51F104539F802A2391DBB89C408BD8
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CharLowerBuffW.USER32(00000000,00000000,0072CC08), ref: 00704527
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0070453B
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00704599
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007045F4
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0070463F
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007046A7
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006AF9F2: _wcslen.LIBCMT ref: 006AF9FD
                                                                                                                                                                                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(?,00756BF0,00000061), ref: 00704743
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                      • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5bdfddbe2231495948019f3b5b6df3ca95dafd5b2884559a85ede84a9fd0c823
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: eb1e79507a853ff95833cd2cb9210cbb4f7192ac30646b0d6ffa96e5c49cde3e
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5bdfddbe2231495948019f3b5b6df3ca95dafd5b2884559a85ede84a9fd0c823
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93B1D2B1608302DFC710DF28C890A6AB7E5BFA5760F504A1DF696C72D1E739D944CBA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • DragQueryPoint.SHELL32(?,?), ref: 00729147
  • Part of subcall function 00727674: ClientToScreen.USER32(?,?), ref: 0072769A
  • Part of subcall function 00727674: GetWindowRect.USER32(?,?), ref: 00727710
  • Part of subcall function 00727674: PtInRect.USER32(?,?,00728B89), ref: 00727720
• SendMessageW.USER32(?,000000B0,?,?), ref: 007291B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007291BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007291DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00729225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0072923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00729255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00729277
• DragFinish.SHELL32(?), ref: 0072927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00729371
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID$p#v
• API String ID: 221274066-3375364180
• Opcode ID: 180612212a2b25ad43e797164b7027d8200879afe82e358dd1a82615646479e8
• Instruction ID: 24f159a16c1fdf186eff359b5b31624cd7fd591520f83681bfb79a2cbd5c04b1
• Opcode Fuzzy Hash: 180612212a2b25ad43e797164b7027d8200879afe82e358dd1a82615646479e8
• Instruction Fuzzy Hash: 82619B71108301AFC701EF64DC89DAFBBE9EF98350F40092EF596931A1DB749A49CB66
APIs
• GetMenuItemCount.USER32(00761990), ref: 006D2F8D
• GetMenuItemCount.USER32(00761990), ref: 006D303D
• GetCursorPos.USER32(?), ref: 006D3081
• SetForegroundWindow.USER32(00000000), ref: 006D308A
• TrackPopupMenuEx.USER32(00761990,00000000,?,00000000,00000000,00000000), ref: 006D309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 006D30A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: cc4a488eebeb250a0f9af21096427095f00f611ff1d4725a6b467810ca497ff5
• Instruction ID: 5dddf8bbc9d8781830ff5d68b0cec80e65806b60437c109913164a9609b7b0af
• Opcode Fuzzy Hash: cc4a488eebeb250a0f9af21096427095f00f611ff1d4725a6b467810ca497ff5
• Instruction Fuzzy Hash: 6F712971A40216BEEB218F25CC59FEABF6AFF15324F204207F5256A3E0C7B1A910C795
APIs
• DestroyWindow.USER32(00000000,?), ref: 00726DEB
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00726E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00726E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00726E94
• DestroyWindow.USER32(?), ref: 00726EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00690000,00000000), ref: 00726EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00726EFD
• GetDesktopWindow.USER32 ref: 00726F16
• GetWindowRect.USER32(00000000), ref: 00726F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00726F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00726F4D
  • Part of subcall function 006A9944: GetWindowLongW.USER32(?,000000EB), ref: 006A9952
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: fc993acaeaa2317bb147de73a27f39906b01b9183409df6cc47a48da4aa32865
• Instruction ID: cb11a83ad806ce65752790953c03efc899a2f1f5d166925959e7691c77b30188
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc993acaeaa2317bb147de73a27f39906b01b9183409df6cc47a48da4aa32865
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95716670504344AFDB21CF18EC48AAABBE9FB99304F58445EF98997261C778EA06CF15
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0070C4B0
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0070C4C3
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0070C4D7
                                                                                                                                                                                                                                                                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0070C4F0
                                                                                                                                                                                                                                                                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0070C533
                                                                                                                                                                                                                                                                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0070C549
                                                                                                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0070C554
                                                                                                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0070C584
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 0070C5DC
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 0070C5F0
                                                                                                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0070C5FB
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: df09862ad60fc13c869775244e9181ddfc1f845217119f8e6107ea2bf10dc94a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 16def6e7ce8878348a4b3f3e0faa3637c8548a97aa9f4093df77175c583c1de6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df09862ad60fc13c869775244e9181ddfc1f845217119f8e6107ea2bf10dc94a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE514DB5500604FFEB228F60CD48AAB7BFCFF18754F108619F945D6290DB38E9559BA0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00728592
                                                                                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007285A2
                                                                                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007285AD
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007285BA
                                                                                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 007285C8
                                                                                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007285D7
                                                                                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 007285E0
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007285E7
                                                                                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 007285F8
                                                                                                                                                                                                                                                                                                                                                                      • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0072FC38,?), ref: 00728611
                                                                                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00728621
                                                                                                                                                                                                                                                                                                                                                                      • GetObjectW.GDI32(?,00000018,?), ref: 00728641
                                                                                                                                                                                                                                                                                                                                                                      • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00728671
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00728699
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007286AF
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6e44904fea60b678480b89504637316b40e2d1d9067016041e8d185a633b3dbb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9f43061c18e15421071b838b6b0c220ae0385b1907866ef009863f268e1f0d59
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e44904fea60b678480b89504637316b40e2d1d9067016041e8d185a633b3dbb
• Instruction Fuzzy Hash: 0F414C71601218EFDB21DF65DC48EAE7BB8FF99711F108058F905E7250DB39A901CB65
APIs
• VariantInit.OLEAUT32(00000000), ref: 00701502
• VariantCopy.OLEAUT32(?,?), ref: 0070150B
• VariantClear.OLEAUT32(?), ref: 00701517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007015FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00701657
• VariantInit.OLEAUT32(?), ref: 00701708
• SysFreeString.OLEAUT32(?), ref: 0070178C
• VariantClear.OLEAUT32(?), ref: 007017D8
• VariantClear.OLEAUT32(?), ref: 007017E7
• VariantInit.OLEAUT32(00000000), ref: 00701823
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 377f328fb6228ed8f7a562f552007baab6944b68fa94c94d2c1119881e635505
• Instruction ID: 715f93ee55ffe7706987850014689500cafa56d4eefdb1752453b5c2fe9e8e58
• Opcode Fuzzy Hash: 377f328fb6228ed8f7a562f552007baab6944b68fa94c94d2c1119881e635505
• Instruction Fuzzy Hash: E4D10071A00605DBDB10AFA4D885B7DB7F6BF45700F90825AE406AF1C0DB38ED55DBA2
APIs
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
  • Part of subcall function 0071C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0071B6AE,?,?), ref: 0071C9B5
  • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071C9F1
  • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071CA68
  • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0071B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0071B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 0071B80A
• RegCloseKey.ADVAPI32(?), ref: 0071B87E
• RegCloseKey.ADVAPI32(?), ref: 0071B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 0071B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0071B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0071B922
• FreeLibrary.KERNEL32(00000000), ref: 0071B983
• RegCloseKey.ADVAPI32(00000000), ref: 0071B994
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 75effe14a35504d93fa7ca71be054281b48b34f26c10404e24d942b987626812
• Instruction ID: fa48018f4fd11e96bb2e1a5c705b7c0e5cbe5a8ddafaae463b6954d7cc86494c
• Opcode Fuzzy Hash: 75effe14a35504d93fa7ca71be054281b48b34f26c10404e24d942b987626812
• Instruction Fuzzy Hash: BBC18F31204201EFD724DF18C495F6ABBE5BF84318F14855CF4594B6A2CB79ED86CB91
APIs
• GetDC.USER32(00000000), ref: 007125D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 007125E8
• CreateCompatibleDC.GDI32(?), ref: 007125F4
• SelectObject.GDI32(00000000,?), ref: 00712601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 0071266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 007126AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 007126D0
• SelectObject.GDI32(?,?), ref: 007126D8
• DeleteObject.GDI32(?), ref: 007126E1
• DeleteDC.GDI32(?), ref: 007126E8
• ReleaseDC.USER32(00000000,?), ref: 007126F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fd3d08c2c84181dd4c27e86f42ab067cd78ec3078739d563d5451667d883b39b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e084b2e77de0bab3314772c8203997a0b10e18dd4851e304d571f3c0c82ec88
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd3d08c2c84181dd4c27e86f42ab067cd78ec3078739d563d5451667d883b39b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD6125B5D00219EFCF15CFA8C885AAEBBF6FF48300F208529E555A7250D734A951CF94
APIs
• ___free_lconv_mon.LIBCMT ref: 006CDAA1
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD659
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD66B
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD67D
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD68F
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD6A1
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD6B3
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD6C5
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD6D7
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD6E9
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD6FB
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD70D
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD71F
  • Part of subcall function 006CD63C: _free.LIBCMT ref: 006CD731
• _free.LIBCMT ref: 006CDA96
  • Part of subcall function 006C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000), ref: 006C29DE
  • Part of subcall function 006C29C8: GetLastError.KERNEL32(00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000,00000000), ref: 006C29F0
• _free.LIBCMT ref: 006CDAB8
• _free.LIBCMT ref: 006CDACD
• _free.LIBCMT ref: 006CDAD8
• _free.LIBCMT ref: 006CDAFA
• _free.LIBCMT ref: 006CDB0D
• _free.LIBCMT ref: 006CDB1B
• _free.LIBCMT ref: 006CDB26
• _free.LIBCMT ref: 006CDB5E
• _free.LIBCMT ref: 006CDB65
• _free.LIBCMT ref: 006CDB82
• _free.LIBCMT ref: 006CDB9A
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: bfab32064d700668120515908be835b92f9671023a99807975bfd305ef5bc5bf
• Instruction ID: c154f389f3dbfbd60c44b8b0809aa02cc327327995776f920937b3a1b041a141
• Opcode Fuzzy Hash: bfab32064d700668120515908be835b92f9671023a99807975bfd305ef5bc5bf
• Instruction Fuzzy Hash: 1D313B716047069FEB61AA79E845FBAB7EAFF00711F15442DE849D7291DA31AC40CB24
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 006F369C
• _wcslen.LIBCMT ref: 006F36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 006F3797
• GetClassNameW.USER32(?,?,00000400), ref: 006F380C
• GetDlgCtrlID.USER32(?), ref: 006F385D
• GetWindowRect.USER32(?,?), ref: 006F3882
• GetParent.USER32(?), ref: 006F38A0
• ScreenToClient.USER32(00000000), ref: 006F38A7
• GetClassNameW.USER32(?,?,00000100), ref: 006F3921
• GetWindowTextW.USER32(?,?,00000400), ref: 006F395D
Strings
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 26cb820a0af34cf2bfd7ddebc61684ee4851b6a5dd023a45b3aa1530ba42f17b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: be011952175ca26c3bb37df501cec2de58b1a263ef5bc2e25b3ddfc306026616
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26cb820a0af34cf2bfd7ddebc61684ee4851b6a5dd023a45b3aa1530ba42f17b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D91B47120461AAFD719DF24C885BFAF7AAFF44350F008619FA99C2350EB74EA45CB91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 006F4994
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 006F49DA
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006F49EB
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 006F49F7
                                                                                                                                                                                                                                                                                                                                                                      • _wcsstr.LIBVCRUNTIME ref: 006F4A2C
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 006F4A64
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 006F4A9D
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 006F4AE6
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 006F4B20
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 006F4B8B
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c3ffe8165e60d32f1d284dcffdd754c4a2597ec446fab5695993245eaa004b56
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3a371b1d862d5ce80ced1368f68ef38cccd4ede16bc57b0c568d9e16aee302fc
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3ffe8165e60d32f1d284dcffdd754c4a2597ec446fab5695993245eaa004b56
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F91AA711082099FDB14CE14C981BBB77EAEF84314F048469FE859A69ADF34ED46CBA1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00728D5A
                                                                                                                                                                                                                                                                                                                                                                      • GetFocus.USER32 ref: 00728D6A
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 00728D75
                                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00728E1D
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00728ECF
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(?), ref: 00728EEC
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 00728EFC
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00728F2E
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00728F70
                                                                                                                                                                                                                                                                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00728FA1
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b08035b747069f8feeacbe2e9befde400a2178d0f0dfae4d93d937ec83659cb7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6700f9e29eec85530835fafa3f546bf79930fd193fea587db1ad1476963d6ad9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b08035b747069f8feeacbe2e9befde400a2178d0f0dfae4d93d937ec83659cb7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26810371905321AFD760CF24E984AAB77E9FF88310F14051DF995D7291CB3AD901CBA2
                                                                                                                                                                                                                                                                                                                                                                      APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0071CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 0071CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0071CD48
  • Part of subcall function 0071CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0071CCAA
  • Part of subcall function 0071CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0071CCBD
  • Part of subcall function 0071CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0071CCCF
  • Part of subcall function 0071CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 0071CD05
  • Part of subcall function 0071CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 0071CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0071CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: b16aab69aead91bcd088d68d91d194479fbdc10299ca78ae8938c2bc5db8819a
• Instruction ID: b3149b2ed9b9f5e3fadf0272eaf7a02e5d1c34e1c9ab6c8f66af6b5bd3cc6550
• Opcode Fuzzy Hash: b16aab69aead91bcd088d68d91d194479fbdc10299ca78ae8938c2bc5db8819a
• Instruction Fuzzy Hash: BB3180B1A41129BBD7328B94DC88EFFBB7CEF15740F004165A905E6180DA789E86DAF4
APIs
• timeGetTime.WINMM ref: 006FE6B4
  • Part of subcall function 006AE551: timeGetTime.WINMM(?,?,006FE6D4), ref: 006AE555
• Sleep.KERNEL32(0000000A), ref: 006FE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 006FE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 006FE727
• SetActiveWindow.USER32 ref: 006FE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 006FE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 006FE773
• Sleep.KERNEL32(000000FA), ref: 006FE77E
• IsWindow.USER32 ref: 006FE78A
• EndDialog.USER32(00000000), ref: 006FE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: e45db5e0ae0451cef8d4ac316da899e13570677fe94832d9eefd8b1ab4052d41
• Instruction ID: d77a1e565f1c97744ecc903ce104a54287a26323212cda002bd97936afa6cf90
• Opcode Fuzzy Hash: e45db5e0ae0451cef8d4ac316da899e13570677fe94832d9eefd8b1ab4052d41
• Instruction Fuzzy Hash: 7D219870300708AFEB125F65EC8DA393F5AF765749B108425F61281671DBBA9C12CB2C
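The two function listings above are the raw material behind several of the report's signatures: the registry routine resolves RegDeleteKeyExW through LoadLibraryA/GetProcAddress and calls RegDeleteKeyW beside it (dynamic API resolution, in this case the usual "use the newer export if present" compatibility pattern), and the window routine reads timeGetTime twice around a Sleep (the "execution timing" signature), then locates a BUTTON child, sends it 0x00F5 (BM_CLICK) and 0x0010 (WM_CLOSE), and calls EndDialog, which is code that dismisses dialogs without a user present. The following Python is an added triage helper, not part of the Joe Sandbox report or of the AutoIt runtime the report says this binary embeds: it parses lines in the listing's "• Api.MODULE(args), ref: addr" shape, names the window messages, and flags those three call chains. The sample trace is constructed from the lines above; the message constants are the documented Win32 values; the handling of SendMessageW lines that list only three arguments (treating whichever argument is a known message as the message) is an assumption about how the listing recovers arguments, not documented tool behaviour. Since the report identifies the sample as a compiled AutoIt script, these chains can belong to the interpreter rather than to the script's own logic, so the output is a hint for where to look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: API lines in the report's shape, taken from the
# registry-delete and dialog/timing functions listed above.
SAMPLE_TRACE = """\
• timeGetTime.WINMM ref: 006FE6B4
  • Part of subcall function 006AE551: timeGetTime.WINMM(?,?,006FE6D4), ref: 006AE555
• Sleep.KERNEL32(0000000A), ref: 006FE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 006FE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 006FE727
• SetActiveWindow.USER32 ref: 006FE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 006FE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 006FE773
• Sleep.KERNEL32(000000FA), ref: 006FE77E
• IsWindow.USER32 ref: 006FE78A
• EndDialog.USER32(00000000), ref: 006FE79B
• LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 0071CCBD
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0071CCCF
• RegDeleteKeyW.ADVAPI32(?,?), ref: 0071CCF3
"""

# "• [Part of subcall function XXXX: ]Api.MODULE[(args)], ref: ADDR"
LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Documented Win32 message values worth naming when they appear as an argument.
WINDOW_MESSAGES = {0x0010: "WM_CLOSE", 0x0012: "WM_QUIT", 0x0111: "WM_COMMAND", 0x00F5: "BM_CLICK"}
TIME_SOURCES = {"timeGetTime", "GetTickCount", "GetTickCount64", "QueryPerformanceCounter"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # parent function when the line is "Part of subcall"


def parse_trace(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # headers such as "APIs" or "Strings"
        args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
        calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


def decode_message(call: ApiCall) -> Optional[str]:
    """Name the window message in a SendMessage*/PostMessage* call.

    Assumption: the listing sometimes drops the hwnd slot (three arguments
    instead of four), so take the first argument that is a known non-zero
    message constant instead of trusting the position.
    """
    if not call.api.startswith(("SendMessage", "PostMessage")):
        return None
    for a in call.args:
        try:
            value = int(a, 16)
        except ValueError:  # "?" or a symbol such as Function_0006E665
            continue
        if value in WINDOW_MESSAGES:
            return WINDOW_MESSAGES[value]
    return None


def find_patterns(calls: List[ApiCall]) -> Dict[str, str]:
    apis = [c.api for c in calls]
    findings: Dict[str, str] = {}

    # Two clock reads plus a Sleep in one function: the shape behind the report's
    # "execution timing" signature. Benign polling loops look identical.
    if sum(a in TIME_SOURCES for a in apis) >= 2 and "Sleep" in apis:
        findings["timing_check"] = ", ".join(a for a in apis if a in TIME_SOURCES or a == "Sleep")

    # LoadLibrary followed by GetProcAddress with a literal export name: the
    # import is resolved at runtime rather than through the import table.
    for prev, cur in zip(calls, calls[1:]):
        if prev.api.startswith("LoadLibrary") and cur.api == "GetProcAddress" and len(cur.args) == 2:
            findings["dynamic_import"] = f"{prev.args[0]}!{cur.args[1]}"

    # FindWindowEx for a BUTTON class, BM_CLICK to it, then WM_CLOSE/EndDialog:
    # the dialog is clicked and closed with nobody at the keyboard.
    button_lookup = any(c.api.startswith("FindWindowEx") and "BUTTON" in c.args for c in calls)
    messages = {decode_message(c) for c in calls}
    if button_lookup and "BM_CLICK" in messages and ("WM_CLOSE" in messages or "EndDialog" in apis):
        findings["dialog_auto_dismiss"] = "FindWindowEx(BUTTON) -> BM_CLICK -> WM_CLOSE/EndDialog"
    return findings


if __name__ == "__main__":
    parsed = parse_trace(SAMPLE_TRACE)
    for c in parsed:
        msg = decode_message(c)
        print(f"{c.ref} {c.module}!{c.api}({', '.join(c.args)})" + (f" [{msg}]" if msg else ""))
    for name, detail in find_patterns(parsed).items():
        print(f"pattern {name}: {detail}")
```

Run it against any function listing pasted from the report; the fuzzy-hash and memory-dump lines are ignored by the regex, so a whole "APIs" block can be fed in unchanged.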
APIs
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 006FEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 006FEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 006FEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 006FEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 006FEAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: 6a6ae097380b84069b0e45bb5a93f8f322f920ce7c92e3ea5f355a3174ca4dc1
• Instruction ID: 9bf0d344f829fdfe9c70b44b45f394f1af54a274fb16ac513504f1b6dd76ad84
• Opcode Fuzzy Hash: 6a6ae097380b84069b0e45bb5a93f8f322f920ce7c92e3ea5f355a3174ca4dc1
• Instruction Fuzzy Hash: 561151B1A9026979EB20A7A5DC4ADFF6A7DEBD1F01F40052D7911A31E1EFB01909C5B0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,006A8BE8,?,00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006A8FC5
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 006A8C81
                                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006A8D1B
                                                                                                                                                                                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(00000000), ref: 006E6973
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006E69A1
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006E69B8
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,006A8BBA,00000000), ref: 006E69D4
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 006E69E6
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 365939988561722eac1be69f60ca9c6c6138bee55dd4f457cfb4317e2700b511
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4f3c83ebd2a6c485e914ce08f9076f83e358b19d383cac8f260dced24034d262
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 365939988561722eac1be69f60ca9c6c6138bee55dd4f457cfb4317e2700b511
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D618A30402741DFCB36AF19C948B6977B2FB62366F548528E0439B660CB79AD91CF98
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9944: GetWindowLongW.USER32(?,000000EB), ref: 006A9952
                                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 006A9862
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ColorLongWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 259745315-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: dc5f38f6a161d4b1ae113bb7bc385658f5a00aaebad4ce711a0922f0db5749c9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 30438412d284c5b38b076a83000c07ecf2890111b90855af731e24c4c6767a41
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc5f38f6a161d4b1ae113bb7bc385658f5a00aaebad4ce711a0922f0db5749c9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FC41B571104744AFDB316F399C85BB937A6AB17330F244A05F9A28B2E1D7399C42DF20
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: .k
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-1942414878
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b73afc0cc30729042c285e9862a7da7665073ae80805d02607356310973e5e35
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 200171db66bb65e056abaa4bc42b3fdcc6499066cb90b9205af371d82b08316c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b73afc0cc30729042c285e9862a7da7665073ae80805d02607356310973e5e35
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7C1AF75A04249AFDB219FA8C849FFDBBB2EF09310F14409DE815A7392C7749A42CB75
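The per-function records above (API call chains with their call-site addresses, then the Similarity block with Opcode ID, Instruction ID and the two fuzzy hashes) are what you would carry over to another report or a hash database to find the same AutoIt runtime functions in a related sample. The parser below is an added example, not Joe Sandbox code; it assumes only the layout visible on this page (bullet lines under the labels APIs / Strings / Memory Dump Source / Joe Sandbox IDA Plugin / Similarity, API lines shaped `Name.MODULE(args), ref: ADDR`, and a record ending at its "Instruction Fuzzy Hash" line). The sample input is constructed from two records copied from this report, with the first record's API list shortened.

```python
"""Parse Joe Sandbox per-function similarity records into structured data.

Added example, not Joe Sandbox code. Assumes the record layout used on this
page: "•" bullet lines under the labels APIs / Strings / Memory Dump Source /
Joe Sandbox IDA Plugin / Similarity, API lines shaped Name.MODULE(args), ref:
ADDR, and a record that ends at its "Instruction Fuzzy Hash" line.
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample input: two records copied from this report (the first
# record's API list shortened to four calls).
SAMPLE = """\
APIs
  • Part of subcall function 006A8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,006A8BE8,?,00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006A8FC5
• DestroyWindow.USER32(?), ref: 006A8C81
• KillTimer.USER32(00000000,?,?,?,?,006A8BBA,00000000,?), ref: 006A8D1B
• DeleteObject.GDI32(00000000), ref: 006E69E6
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 365939988561722eac1be69f60ca9c6c6138bee55dd4f457cfb4317e2700b511
• Instruction ID: 4f3c83ebd2a6c485e914ce08f9076f83e358b19d383cac8f260dced24034d262
• Opcode Fuzzy Hash: 365939988561722eac1be69f60ca9c6c6138bee55dd4f457cfb4317e2700b511
• Instruction Fuzzy Hash: 2D618A30402741DFCB36AF19C948B6977B2FB62366F548528E0439B660CB79AD91CF98
APIs
  • Part of subcall function 006A9944: GetWindowLongW.USER32(?,000000EB), ref: 006A9952
• GetSysColor.USER32(0000000F), ref: 006A9862
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: dc5f38f6a161d4b1ae113bb7bc385658f5a00aaebad4ce711a0922f0db5749c9
• Instruction ID: 30438412d284c5b38b076a83000c07ecf2890111b90855af731e24c4c6767a41
• Opcode Fuzzy Hash: dc5f38f6a161d4b1ae113bb7bc385658f5a00aaebad4ce711a0922f0db5749c9
• Instruction Fuzzy Hash: FC41B571104744AFDB316F399C85BB937A6AB17330F244A05F9A28B2E1D7399C42DF20
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# Name.MODULE(args), ref: ADDR, optionally prefixed by the subcall marker;
# _wcslen.LIBCMT has neither parentheses nor the comma before "ref:".
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})$"
)

@dataclass
class ApiCall:
    name: str
    module: str
    ref: str            # call-site address in the dumped image
    caller: str | None  # set when the call sits in a subcall of the function

@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)    # Similarity / dump-source key-value lines
    unparsed: list = field(default_factory=list)  # API lines the regex did not recognise

def parse_records(text: str) -> list[FunctionRecord]:
    records, cur, section = [], FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section = line
            continue
        if not line.startswith("•"):
            continue  # anything else is page residue, not record data
        body = line[1:].strip()
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                cur.apis.append(ApiCall(m["name"], m["module"], m["ref"], m["caller"]))
            else:
                cur.unparsed.append(body)  # keep it visible rather than silently dropping it
            continue
        key, _, value = body.partition(":")
        cur.fields[key.strip()] = value.strip()
        if key.strip() == "Instruction Fuzzy Hash":  # last line of a record
            records.append(cur)
            cur, section = FunctionRecord(), None
    return records

def find_by_api(records: list[FunctionRecord], api_name: str) -> list[FunctionRecord]:
    """Records whose function (directly or via a listed subcall) reaches api_name."""
    return [r for r in records if any(a.name == api_name for a in r.apis)]

def hash_fields_consistent(rec: FunctionRecord) -> bool:
    """The report repeats the Opcode ID as Opcode Fuzzy Hash (64 hex chars);
    the Instruction Fuzzy Hash is upper-case hex. Catches truncated copies."""
    f = rec.fields
    return (f.get("Opcode ID") == f.get("Opcode Fuzzy Hash")
            and re.fullmatch(r"[0-9a-f]{64}", f.get("Opcode ID", "")) is not None
            and re.fullmatch(r"[0-9A-F]+", f.get("Instruction Fuzzy Hash", "")) is not None)
```

`parse_records` returns one record per Similarity block; `find_by_api` is the triage step (which functions reach `MessageBoxW`, `mciSendStringW`, and so on), and `hash_fields_consistent` is worth running before loading the Instruction Fuzzy Hash values into a lookup table, since a copy cut off mid-hash would otherwise match nothing and look like a genuinely new function.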
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,006DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 006F9717
• LoadStringW.USER32(00000000,?,006DF7F8,00000001), ref: 006F9720
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,006DF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 006F9742
• LoadStringW.USER32(00000000,?,006DF7F8,00000001), ref: 006F9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 006F9866
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 91c390f309cbe15e75f818089261e1e7c609d2d9007c23d30db7fa0f5f34a5c3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 71387b4a06c3a4d9d9d5de369ee6d9ab98c88bf31904df9eba711dc0add34941
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 91c390f309cbe15e75f818089261e1e7c609d2d9007c23d30db7fa0f5f34a5c3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2C414B72800219AACF44EBE0CE42EFEB37EAF15340F504469B60572192EB656F49CAB5
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
                                                                                                                                                                                                                                                                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006F07A2
                                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006F07BE
                                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 006F07DA
                                                                                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 006F0804
                                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 006F082C
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006F0837
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 006F083C
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 10eb8f42373646324cb1c5d6b8e7828c66d94aac82ebec8862b5e2620895f26c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 562514f001762296407fde003084d2a708436bbfb1d68a8bf4080d756d77ba33
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 10eb8f42373646324cb1c5d6b8e7828c66d94aac82ebec8862b5e2620895f26c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE410872C1022DABDF25EBA4DC95CFDB7B9BF14350B044169E911A3261EB74AE04CBA4
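As an added worked example (not part of the Joe Sandbox report and not code from the sample), the following Python parses the report's "• Name.MODULE(args), ref: ADDR" API lines and classifies the WNetAddConnection2W / RegConnectRegistryW / SOFTWARE\Classes\ / CLSIDFromString record above. That call order, together with the \IPC$ string in the record, is consistent with a helper that resolves a ProgID to a CLSID in the registry of a remote machine (AutoIt's ObjCreate accepts an optional remote computer name, which would explain it in a compiled AutoIt binary); that interpretation, the regular expression, the verdict labels and the sample trace (copied from the record above) are the example's own assumptions. The hive and access-mask constants are the documented Win32 values.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the API trace of the WNetAddConnection2W record
# above, in the report's own line format (first line is a subcall note).
SAMPLE_TRACE = """\
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 006F07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 006F07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\\Classes\\), ref: 006F07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\\Classes\\), ref: 006F0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\\Classes\\), ref: 006F082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\\Classes\\), ref: 006F0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\\Classes\\), ref: 006F083C
"""

# One report line: optional subcall note, Name.MODULE, optional (args), ref: ADDR.
LINE_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*?)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# Documented Win32 values: predefined hive handles and the KEY_READ access mask.
HIVES = {0x80000000: "HKEY_CLASSES_ROOT", 0x80000001: "HKEY_CURRENT_USER",
         0x80000002: "HKEY_LOCAL_MACHINE", 0x80000003: "HKEY_USERS"}
KEY_READ = 0x20019


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: int
    subcall_of: Optional[int] = None


def parse_trace(text: str) -> list:
    """Turn report API lines into ApiCall records, preserving report order."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # section headers such as "APIs" carry no call
        args = m.group("args")
        calls.append(ApiCall(
            name=m.group("name"),
            module=m.group("module"),
            args=args.split(",") if args else [],
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


def hex_arg(call: ApiCall, index: int) -> Optional[int]:
    """Argument `index` as an int, or None where the report only shows '?'."""
    try:
        return int(call.args[index], 16)
    except (IndexError, ValueError):
        return None


def classify_remote_registry(calls: list) -> dict:
    """Flag the share-connect -> remote hive -> SOFTWARE\\Classes -> CLSID chain.

    Assumed interpretation (not stated by the report): this is a remote
    ProgID-to-CLSID lookup, as a remote-capable COM object factory would do.
    """
    names = [c.name for c in calls]
    findings = {}
    findings["remote_share"] = "WNetAddConnection2W" in names
    conn = next((c for c in calls if c.name == "RegConnectRegistryW"), None)
    if conn is not None:  # second parameter of RegConnectRegistryW is the hive
        findings["remote_hive"] = HIVES.get(hex_arg(conn, 1), "unknown")
    opened = [c for c in calls if c.name == "RegOpenKeyExW"
              and any("SOFTWARE\\Classes\\" in a for a in c.args)]
    if opened:  # fourth parameter of RegOpenKeyExW is the samDesired mask
        sam = hex_arg(opened[0], 3)
        findings["classes_access"] = ("KEY_READ" if sam == KEY_READ
                                      else "?" if sam is None else hex(sam))
    required = ["WNetAddConnection2W", "RegConnectRegistryW",
                "RegOpenKeyExW", "CLSIDFromString"]
    present = all(n in names for n in required)
    # The chain only makes sense if the connect calls precede the lookup.
    positions = [names.index(n) for n in required] if present else []
    findings["in_order"] = present and positions == sorted(positions)
    findings["verdict"] = ("remote ProgID-to-CLSID lookup" if findings["in_order"]
                           else "no remote lookup chain")
    return findings


if __name__ == "__main__":
    for key, value in classify_remote_registry(parse_trace(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```

The same parser works on any of the function records in this report; only the classifier is specific to this chain, and a record lacking WNetAddConnection2W or RegConnectRegistryW (a local ProgID lookup) correctly gets the "no remote lookup chain" verdict.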
APIs
• VariantInit.OLEAUT32(?), ref: 00713C5C
• CoInitialize.OLE32(00000000), ref: 00713C8A
• CoUninitialize.OLE32 ref: 00713C94
• _wcslen.LIBCMT ref: 00713D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00713DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00713ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00713F0E
• CoGetObject.OLE32(?,00000000,0072FB98,?), ref: 00713F2D
• SetErrorMode.KERNEL32(00000000), ref: 00713F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00713FC4
• VariantClear.OLEAUT32(?), ref: 00713FD8
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: ad9ffe03c284a6bfb9d767ce9ef8387ae03cef739b048b71d7f670616b9a1c75
• Instruction ID: 0fba5a95a7c47864307b3a7276488718472c14def9fea6b372989a7b86f9c915
• Opcode Fuzzy Hash: ad9ffe03c284a6bfb9d767ce9ef8387ae03cef739b048b71d7f670616b9a1c75
• Instruction Fuzzy Hash: EEC157716083059FD700DF68C88496BBBE9FF89744F00491DF98A9B290DB34EE86CB52
APIs
• CoInitialize.OLE32(00000000), ref: 00707AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00707B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00707BA3
• CoCreateInstance.OLE32(0072FD08,00000000,00000001,00756E6C,?), ref: 00707BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00707C74
• CoTaskMemFree.OLE32(?,?), ref: 00707CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00707D57
                                                                                                                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00707D7A
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00707D81
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00707DD6
                                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 00707DDC
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 39b9fa0761944ee8565b6e1d7ea312686fd633f92c6512e0d23f11c9be859726
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e5730512ad183635d17ba0e28eceefa990b16795c76d640d86aa3fcc3606c157
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39b9fa0761944ee8565b6e1d7ea312686fd633f92c6512e0d23f11c9be859726
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E6C12975A04109EFCB14DFA4C884DAEBBF9FF48304B148598E81ADB661DB34EE45CB94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00725504
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00725515
                                                                                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(00000158), ref: 00725544
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00725585
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0072559B
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007255AC
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d378190857cd455452a855bfc764dc3f433e34ee5677a33560c9a22bde9ecdc7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d6cda41b4e3e527a9f825b6d584071a000ab7806f7841c2c82bc698af4ba20bc
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d378190857cd455452a855bfc764dc3f433e34ee5677a33560c9a22bde9ecdc7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A361A030900628EFDF219F94EC84DFE7BB9EF05720F108145F965A7290D7789A81DB60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 006EFAAF
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 006EFB08
                                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(?), ref: 006EFB1A
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 006EFB3A
                                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 006EFB8D
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 006EFBA1
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 006EFBB6
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 006EFBC3
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006EFBCC
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 006EFBDE
                                                                                                                                                                                                                                                                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 006EFBE9
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2706829360-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: de142933c54f699f06a479994450d794e94ebaba8052758b043487d3eb92f480
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 55f02c20c867988449dd01eaf35f9d62244130dd1fbabafcc79827a8b125187e
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: de142933c54f699f06a479994450d794e94ebaba8052758b043487d3eb92f480
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0417135A00259DFCF11EF69CC549EEBBBAEF58354F008069E905AB261CB34A946CF94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyboardState.USER32(?), ref: 006F9CA1
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 006F9D22
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A0), ref: 006F9D3D
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 006F9D57
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(000000A1), ref: 006F9D6C
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 006F9D84
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000011), ref: 006F9D96
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 006F9DAE
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(00000012), ref: 006F9DC0
                                                                                                                                                                                                                                                                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 006F9DD8
                                                                                                                                                                                                                                                                                                                                                                      • GetKeyState.USER32(0000005B), ref: 006F9DEA
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 541375521-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 0a2c09dae3194026d2de85ab8596f4d7904b760f4dee08805d06b3f784e62707
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 08c1152da9e113b22f7c8ce86ec18d793fa938c82c06c7b766efd176053c56d1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a2c09dae3194026d2de85ab8596f4d7904b760f4dee08805d06b3f784e62707
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E41D734504BCD6DFF35976488043F5BEA2AF22344F14805ADBC6567C2DBA599C8CBB2
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 007105BC
                                                                                                                                                                                                                                                                                                                                                                      • inet_addr.WSOCK32(?), ref: 0071061C
                                                                                                                                                                                                                                                                                                                                                                      • gethostbyname.WSOCK32(?), ref: 00710628
                                                                                                                                                                                                                                                                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 00710636
                                                                                                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007106C6
                                                                                                                                                                                                                                                                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007106E5
                                                                                                                                                                                                                                                                                                                                                                      • IcmpCloseHandle.IPHLPAPI(?), ref: 007107B9
                                                                                                                                                                                                                                                                                                                                                                      • WSACleanup.WSOCK32 ref: 007107BF
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 67096d0870f7bb5b2b703932aa82740b5594e749e29dccd596882555fc914c34
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: f2dffc87f906dd5b4b4cf6d517838556ce052f0845c99d1a583c7a4da413e06b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67096d0870f7bb5b2b703932aa82740b5594e749e29dccd596882555fc914c34
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C91AC346042019FDB20DF19C889F5ABBE5AF44318F0485A9E4698B6E2C7B8EDC1CFD1
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
• Opcode ID: b066945bbcce1524120bacace8f61a84ffe7c144682d06e20139dc9ab23892f7
• Instruction ID: 06c265978aee5f4c992372209abc5e98aaffcd3e6d1bddfb7c4496ef67c8845b
• Opcode Fuzzy Hash: b066945bbcce1524120bacace8f61a84ffe7c144682d06e20139dc9ab23892f7
• Instruction Fuzzy Hash: AB519E31A001169BCF54DF6CC9409FEB7A6BF65724B204229E866E72C5DB38DE84C791
APIs
• CoInitialize.OLE32 ref: 00713774
• CoUninitialize.OLE32 ref: 0071377F
• CoCreateInstance.OLE32(?,00000000,00000017,0072FB78,?), ref: 007137D9
• IIDFromString.OLE32(?,?), ref: 0071384C
• VariantInit.OLEAUT32(?), ref: 007138E4
• VariantClear.OLEAUT32(?), ref: 00713936
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
• API String ID: 636576611-1287834457
• Opcode ID: f6dc5860c62cf138557c556aef95c3080d8a1199b0cf3754560606815b817de8
• Instruction ID: 1a4eec32f86ad1707c0c3a86fac3cce521e3108b88dcab71e82181d4351803c5
• Opcode Fuzzy Hash: f6dc5860c62cf138557c556aef95c3080d8a1199b0cf3754560606815b817de8
• Instruction Fuzzy Hash: 5661B170608301AFD711DF58C889BAABBE9EF45710F10491DF985972D1C778EE88CBA6
APIs
• GetLocalTime.KERNEL32(?), ref: 00708257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00708267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00708273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00708310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00708324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00708356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0070838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00708395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 405d2070f91e141838c5bb8f6b4abc2705d075c4205ab2aaac98d7fe0ed1163d
• Instruction ID: 1d8aa4972b3f20b57233cb76b8f389e51a72647506fb560efc44d803d058880a
• Opcode Fuzzy Hash: 405d2070f91e141838c5bb8f6b4abc2705d075c4205ab2aaac98d7fe0ed1163d
• Instruction Fuzzy Hash: F5616DB2508305DFCB50EF64C8409AEB3E9FF89314F04891DF98987251EB35E945CB96
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: GetCursorPos.USER32(?), ref: 006A9141
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: ScreenToClient.USER32(00000000,?), ref: 006A915E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: GetAsyncKeyState.USER32(00000001), ref: 006A9183
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A912D: GetAsyncKeyState.USER32(00000002), ref: 006A919D
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00728B6B
                                                                                                                                                                                                                                                                                                                                                                      • ImageList_EndDrag.COMCTL32 ref: 00728B71
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseCapture.USER32 ref: 00728B77
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,00000000), ref: 00728C12
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00728C25
                                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00728CFF
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID$p#v
• API String ID: 1924731296-3319920676
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 007033CF
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007033F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
APIs
• SetErrorMode.KERNEL32(00000001), ref: 007053A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00705416
• GetLastError.KERNEL32 ref: 00705420
• SetErrorMode.KERNEL32(00000000,READY), ref: 007054A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
APIs
• CreateMenu.USER32 ref: 00723C79
• SetMenu.USER32(?,00000000), ref: 00723C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00723D10
• IsMenu.USER32(?), ref: 00723D24
• CreatePopupMenu.USER32 ref: 00723D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00723D5B
• DrawMenuBar.USER32 ref: 00723D63
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 643b0b47e40a46807a515cdd8974e374a5a60bb43bf438c0bb3be14bb97f859a
• Instruction ID: 50654692f246b08e25afed369433200783805b15f25d8db5e8e620d3425a0658
• Opcode Fuzzy Hash: 643b0b47e40a46807a515cdd8974e374a5a60bb43bf438c0bb3be14bb97f859a
• Instruction Fuzzy Hash: DA418974A01319AFDB24CF64E844AAA7BB5FF49300F144028F946A7360D778EA10CF98
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00723A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00723AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00723AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00723AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00723B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00723BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00723BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00723BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00723BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00723C13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 55071ca1b373f1a59611f9f6771270f1b1775e6a7d8166c5dd37b59d6ba6b698
• Instruction ID: 4594f79cd70c135def1977efd693e76d4a96a432b2b50b3d6eb8d75680ccf4c4
• Opcode Fuzzy Hash: 55071ca1b373f1a59611f9f6771270f1b1775e6a7d8166c5dd37b59d6ba6b698
• Instruction Fuzzy Hash: EB617B75900258AFDB10DFA8DC85EEE77F8EB09700F144099FA15A72A1C778AE81DF64
APIs
• GetCurrentThreadId.KERNEL32 ref: 006FB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB165
• GetWindowThreadProcessId.USER32(00000000), ref: 006FB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 006FB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,006FA1E1,?,00000001), ref: 006FB21D
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: d325a6204dcb13424019d50f25f7fca05d508e3617ca9bb173708c7c63868a1a
• Instruction ID: bd8e18e2250bada5190d79ec33cb387c1d0f86e075c40a34c4d24967cc9fa2da
• Opcode Fuzzy Hash: d325a6204dcb13424019d50f25f7fca05d508e3617ca9bb173708c7c63868a1a
• Instruction Fuzzy Hash: 60318D71500308BFDB219F24DC49BBD7BABFB61311F149019FA02DA290D7B89A45CF68
APIs
• _free.LIBCMT ref: 006C2C94
  • Part of subcall function 006C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000), ref: 006C29DE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: GetLastError.KERNEL32(00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000,00000000), ref: 006C29F0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CA0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CAB
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CB6
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CC1
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CCC
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CD7
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CE2
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CED
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2CFB
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8f0de3bd5d648de21847fb330bb560f480abb2f782ad651a08b777312b0bc96f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3d6dd56996dd83dedde9399b68b191fc7c7e5bf2a222b73f8f3cd84be28baf2e
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f0de3bd5d648de21847fb330bb560f480abb2f782ad651a08b777312b0bc96f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F119676100109AFCB42FF55D852EED3BA6FF05750F4144A9FD485B222D631EE509B94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 00695C7A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00695D0A: GetClientRect.USER32(?,?), ref: 00695D30
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00695D0A: GetWindowRect.USER32(?,?), ref: 00695D71
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00695D0A: ScreenToClient.USER32(?,?), ref: 00695D99
                                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32 ref: 006D46F5
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 006D4708
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 006D4716
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 006D472B
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 006D4733
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 006D47C4
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1840a5ffbcc741f24098365f129f842fdea9c15114476cebe01dcba5fce943c9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 854ca97bf0383a4972c467cb6ee558364f836c225f01a09d65bb3388304ad379
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1840a5ffbcc741f24098365f129f842fdea9c15114476cebe01dcba5fce943c9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45719F31900245DFCF228F64C984AEA7BB6FF4A360F18426AE9565A366CB35DC42DF50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 007035E4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00762390,?,00000FFF,?), ref: 0070360A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 5c8551e249ac8851dad5b853e5024fa1f24bfe7b490266fb53a9a6f27f786b57
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0cd4e6bcfd800cc1697bc1194bff9e60050b93253ac13961675c34897952c39e
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c8551e249ac8851dad5b853e5024fa1f24bfe7b490266fb53a9a6f27f786b57
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77518F71800219FADF55EBA0CC42EEEBB7AAF14300F444229F505725A1EB751B98DFA8
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0070C272
                                                                                                                                                                                                                                                                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0070C29A
                                                                                                                                                                                                                                                                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0070C2CA
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 0070C322
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?), ref: 0070C336
                                                                                                                                                                                                                                                                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 0070C341
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7144c09d1ea91d38e064407656289df368d6df9560b208f453a90d5b8819687d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 77e0a4d2a4971ab05f6b6c4c1087ac3e79c8d1d88eba5b7cbdaf39777a8dfe8d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7144c09d1ea91d38e064407656289df368d6df9560b208f453a90d5b8819687d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45316DB1500604EFD7229FA4CC88AABBAFCEB59744F14871EF446D2280DB38DD059B65
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,006D3AAF,?,?,Bad directive syntax error,0072CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 006F98BC
                                                                                                                                                                                                                                                                                                                                                                      • LoadStringW.USER32(00000000,?,006D3AAF,?), ref: 006F98C3
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 006F9987
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7aa1fbca2cd18c816ec2a5e8f4c3dc88e7f4c4246991f35282f573010ea85169
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 117645878e5e99d2ea3859b3d720ab18751819a7a35352f73e49ebb05cd1a6df
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7aa1fbca2cd18c816ec2a5e8f4c3dc88e7f4c4246991f35282f573010ea85169
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F021917180021DABCF15AF90CC06EFE773AFF24301F04445DF915621A1DB759618CB64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetParent.USER32 ref: 006F20AB
                                                                                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 006F20C0
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 006F214D
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1290815626-3381328864
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00725186
• ShowWindow.USER32(?,00000000), ref: 007251C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 007251CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 007251D1
  • Part of subcall function 00726FBA: DeleteObject.GDI32(00000000), ref: 00726FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0072520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0072521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0072524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00725287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00725296
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 006E6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 006E68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 006E68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 006E68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 006E68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,006A8874,00000000,00000000,00000000,000000FF,00000000), ref: 006E6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 006E691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,006A8874,00000000,00000000,00000000,000000FF,00000000), ref: 006E692D
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0070C182
• GetLastError.KERNEL32 ref: 0070C195
• SetEvent.KERNEL32(?), ref: 0070C1A9
  • Part of subcall function 0070C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0070C272
  • Part of subcall function 0070C253: GetLastError.KERNEL32 ref: 0070C322
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0070C253: SetEvent.KERNEL32(?), ref: 0070C336
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0070C253: InternetCloseHandle.WININET(00000000), ref: 0070C341
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4f334bb3a9e619d4f15ce04e2837d839baccb812fbbb7fe61560f0a23fc25ab5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 46e0b4a1754cb8d8275ea2d8f692139a9c50ab8fa40104c095c3b52f54729d1c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f334bb3a9e619d4f15ce04e2837d839baccb812fbbb7fe61560f0a23fc25ab5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61318F71600605FFDB229FE5DD44A6ABBF8FF28300B04871DF95687A50DB38E8159BA0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006F3A57
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3A3D: GetCurrentThreadId.KERNEL32 ref: 006F3A5E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006F25B3), ref: 006F3A65
                                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 006F25BD
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 006F25DB
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 006F25DF
                                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 006F25E9
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 006F2601
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 006F2605
                                                                                                                                                                                                                                                                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 006F260F
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 006F2623
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 006F2627
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d0e0acf402bcd0a31f7066f99ba9d4911a433f7327d5de9d778896a202bb20bf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2b171bdb66792ede7ad3cf9dfc2782715b9b92a49a5bda79f348e007eab4a8fe
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0e0acf402bcd0a31f7066f99ba9d4911a433f7327d5de9d778896a202bb20bf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7201D870390618BBFB2067699C8BF693F5ADF5EB11F104005F314AE1D1C9E218458A6D
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,006F1449,?,?,00000000), ref: 006F180C
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,006F1449,?,?,00000000), ref: 006F1813
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006F1449,?,?,00000000), ref: 006F1828
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,006F1449,?,?,00000000), ref: 006F1830
                                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,006F1449,?,?,00000000), ref: 006F1833
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,006F1449,?,?,00000000), ref: 006F1843
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(006F1449,00000000,?,006F1449,?,?,00000000), ref: 006F184B
                                                                                                                                                                                                                                                                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,006F1449,?,?,00000000), ref: 006F184E
                                                                                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,006F1874,00000000,00000000,00000000), ref: 006F1868
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: afa90722b44c432d001f23df1d0665135de233d3dd555c93a841ca9d6d1f87e9
• Instruction ID: 1fd101a8c9f16fe43f3ace3cc9a2f1cc52e200c758d6381d17b6da797f050000
• Opcode Fuzzy Hash: afa90722b44c432d001f23df1d0665135de233d3dd555c93a841ca9d6d1f87e9
• Instruction Fuzzy Hash: 1101FFB5240308BFE721AB65DC4FF6B3B6CEB99B00F118415FA04DB191C6749C11CB64
APIs
  • Part of subcall function 006FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 006FD501
  • Part of subcall function 006FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 006FD50F
  • Part of subcall function 006FD4DC: CloseHandle.KERNEL32(00000000), ref: 006FD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0071A16D
• GetLastError.KERNEL32 ref: 0071A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0071A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0071A268
• GetLastError.KERNEL32(00000000), ref: 0071A273
• CloseHandle.KERNEL32(00000000), ref: 0071A2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: 64377636c5c4453c985147902589e86860986be6a656391a3a0a23add1da1b93
• Instruction ID: 1636a45acc13358aebf9e484c0e521b1f3ffe49ec314c9736a7fb7ccd191d294
• Opcode Fuzzy Hash: 64377636c5c4453c985147902589e86860986be6a656391a3a0a23add1da1b93
• Instruction Fuzzy Hash: 9A61C071205242AFD720DF18C494F69BBE5AF94318F14848CE4568BBE3C77AED85CB86
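The entry above is the one worth reading closely in this listing: a sub-function (006FD4DC) takes a Toolhelp snapshot and walks it with Process32FirstW, and the caller then opens the matching process with access mask 00000001 and calls TerminateProcess on it. The mask matters: 0x0001 is PROCESS_TERMINATE and nothing else, so this is a kill loop, not an injection primitive (injection would need PROCESS_VM_WRITE, PROCESS_VM_OPERATION or PROCESS_CREATE_THREAD in the mask). The SeDebugPrivilege string in the same function is consistent with enabling that privilege before opening processes owned by other users; the shape is consistent with a generic process-close helper such as AutoIt's ProcessClose, but that is an assumption, the report does not name the helper. The Python below is an added example, not part of the Joe Sandbox report: it parses the report's own "APIs" block text (the sample is copied from the lines above) and flags the enumerate-open-terminate chain while distinguishing a terminate-only mask from injection rights. The function and field names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the "APIs" lines and "String ID" line of the function entry
# above, copied from the report listing. "•" bullets are kept as they appear.
SAMPLE_ENTRY = """\
APIs
  • Part of subcall function 006FD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 006FD501
  • Part of subcall function 006FD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 006FD50F
  • Part of subcall function 006FD4DC: CloseHandle.KERNEL32(00000000), ref: 006FD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0071A16D
• GetLastError.KERNEL32 ref: 0071A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0071A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0071A268
• GetLastError.KERNEL32(00000000), ref: 0071A273
• CloseHandle.KERNEL32(00000000), ref: 0071A2C4
Strings
• String ID: SeDebugPrivilege
"""

# Process access rights from winnt.h.
PROCESS_TERMINATE = 0x0001
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                      # address of the call site
    subcall: Optional[str]        # sub-function the call lives in, if the report says so


# One "• Name.MODULE(args), ref: ADDR" line, optionally prefixed by "Part of subcall function X:".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_0-9]+)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
STRING_LINE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*)$")


def parse_entry(text: str):
    """Parse one function entry into (api calls, string IDs). String IDs are '$'-separated."""
    calls, strings = [], []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            calls.append(ApiCall(m["name"], m["mod"], args, m["ref"], m["sub"]))
            continue
        s = STRING_LINE.match(line)
        if s and s["ids"].strip():
            strings.extend(x.strip() for x in s["ids"].split("$"))
    return calls, strings


def access_mask(arg: str) -> Optional[int]:
    """Hex argument as printed by the report; '?' means unresolved at analysis time."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def find_kill_chain(calls: List[ApiCall], strings: List[str]) -> dict:
    """Flag snapshot -> Process32First* -> OpenProcess(PROCESS_TERMINATE) -> TerminateProcess."""
    names = [c.name for c in calls]
    enumerates = "CreateToolhelp32Snapshot" in names and any(n.startswith("Process32First") for n in names)
    opens = [c for c in calls if c.name == "OpenProcess" and c.args and access_mask(c.args[0]) is not None]
    terminate_opens = [c for c in opens if access_mask(c.args[0]) & PROCESS_TERMINATE]
    injection_opens = [c for c in opens if access_mask(c.args[0]) & INJECTION_RIGHTS]
    verdict = {
        "enumerates_processes": enumerates,
        "terminates": "TerminateProcess" in names,
        "opens_with_terminate_only": bool(terminate_opens)
            and all(access_mask(c.args[0]) == PROCESS_TERMINATE for c in terminate_opens),
        "opens_with_injection_rights": bool(injection_opens),
        "references_sedebugprivilege": "SeDebugPrivilege" in strings,
        "open_refs": [c.ref for c in terminate_opens],
        "enumerator_subcall": next((c.subcall for c in calls if c.name == "CreateToolhelp32Snapshot"), None),
    }
    verdict["kill_chain"] = enumerates and bool(terminate_opens) and verdict["terminates"]
    return verdict


if __name__ == "__main__":
    calls, strings = parse_entry(SAMPLE_ENTRY)
    for k, v in find_kill_chain(calls, strings).items():
        print(f"{k}: {v}")
```

Run as-is it reports kill_chain True, opens_with_terminate_only True and opens_with_injection_rights False for the entry above, with both OpenProcess call sites (0071A16D, 0071A1B3) and the enumerator sub-function 006FD4DC. The same parser can be pointed at any other "APIs" block in this report; an entry that opened processes with 0x43A (the usual injection set) would trip opens_with_injection_rights instead.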
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00723925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0072393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00723954
• _wcslen.LIBCMT ref: 00723999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 007239C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 007239F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: bee27e03b93ce8f08de4a69fd297a295f9445d6d6588e6353ddb4c114c587ac2
• Instruction ID: 44470929abf4bf435188c763af6018cc7ad7a0ee34491f57d8b49b2ea1b57570
• Opcode Fuzzy Hash: bee27e03b93ce8f08de4a69fd297a295f9445d6d6588e6353ddb4c114c587ac2
• Instruction Fuzzy Hash: E341C771900319ABEF219F64DC49FEE77A9EF08354F100526F954E7281D7799E80CB94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 006FBCFD
                                                                                                                                                                                                                                                                                                                                                                      • IsMenu.USER32(00000000), ref: 006FBD1D
                                                                                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 006FBD53
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemCount.USER32(010BCA88), ref: 006FBDA4
                                                                                                                                                                                                                                                                                                                                                                      • InsertMenuItemW.USER32(010BCA88,?,00000001,00000030), ref: 006FBDCC
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 047ff4205d9dc0b117f86716aaed203b349b0bd552d6a8f02adde86b593caa18
• Instruction ID: 844449056ce661448aaa8c759c130c749f16893e2f6343aa1fedf201256de038
• Opcode Fuzzy Hash: 047ff4205d9dc0b117f86716aaed203b349b0bd552d6a8f02adde86b593caa18
• Instruction Fuzzy Hash: 3251BD70A0420D9BDB21DFA8D884BFEBBF6AF55314F249219E611D7390D7709941CB62
APIs
• _ValidateLocalCookies.LIBCMT ref: 006B2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 006B2D53
• _ValidateLocalCookies.LIBCMT ref: 006B2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 006B2E0C
• _ValidateLocalCookies.LIBCMT ref: 006B2E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: &Hk$csm
• API String ID: 1170836740-4288493938
• Opcode ID: 46dae1e020c3badfc1bbc1e3710344d58bd99cae44ab31e005101320f06ed688
• Instruction ID: 2b95a4468856d717d797ec6e00c0eb555ee28f1b0b7ec1e34dcf622d18c9d80f
• Opcode Fuzzy Hash: 46dae1e020c3badfc1bbc1e3710344d58bd99cae44ab31e005101320f06ed688
• Instruction Fuzzy Hash: 3441A4B4A0021AABCF10DF68CC65ADEBBF6BF44314F148159E8146B392D735EA85CBD1
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 006FC913
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 8e4907f86af1be90fe2b725170e18f0896b7561e285bdaae67dd997309676e54
• Instruction ID: b35e530e7ab803849db897a83af90b832543a3e56cdd67dff8a5d8bd9a5ae079
• Opcode Fuzzy Hash: 8e4907f86af1be90fe2b725170e18f0896b7561e285bdaae67dd997309676e54
• Instruction Fuzzy Hash: 0F116D7168930EBAEB019B14DD83CFE679DCF15375B50002EFA00A7282EBF59E415368
APIs
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 520396acd3fb04c271c584805294fd74b3e4243ab7ab1cb7959fd2013735358c
• Instruction ID: 4f898e531d1ae289439655af204cc2c9f0e55fbb9af64b817234eb47bab3edf7
• Opcode Fuzzy Hash: 520396acd3fb04c271c584805294fd74b3e4243ab7ab1cb7959fd2013735358c
• Instruction Fuzzy Hash: 6D41A3A5C1011876DB51EBB4CC8A9DFB7AAAF45310F50846AF614E3122FB34D385C3E9
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006E682C,00000004,00000000,00000000), ref: 006AF953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,006E682C,00000004,00000000,00000000), ref: 006EF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,006E682C,00000004,00000000,00000000), ref: 006EF454
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 7410c5ce5d715f1af78b0ac9e3bce1a7b7f272c50eb546da3f74619a75649eb5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 92d177361950cbf0c6d38994d5419eb1a34cb18353b21d2ea7215e63b469d133
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7410c5ce5d715f1af78b0ac9e3bce1a7b7f272c50eb546da3f74619a75649eb5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85410931605780BBC775AB6988887AB7B97AF57310F14843CF04756761C676AC81CF93
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00722D1B
                                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00722D23
                                                                                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00722D2E
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00722D3A
                                                                                                                                                                                                                                                                                                                                                                      • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00722D76
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00722D87
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00725A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00722DC2
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00722DE1
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b5d2b9ac5ac3ca07d0363bfaecf0873cca2bb2b45fc2966bc016e70b4a990584
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c841edbdfc9d6dcec9b6922d53ed00520578516080e566af67c3e56cdd8a3a09
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5d2b9ac5ac3ca07d0363bfaecf0873cca2bb2b45fc2966bc016e70b4a990584
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 03318072201224BFEB254F50DC8AFEB3FADEF19715F048055FE089A291C6799C52C7A4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2a9fc013c4e52b885306d31e230a9dd54b7a1f82033670d1558ae442263dcd1d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 313fd83e08a72a7b0acd4c88017582af73d15820f5aa60ea9f1c029b4a695db9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a9fc013c4e52b885306d31e230a9dd54b7a1f82033670d1558ae442263dcd1d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 192125E1640A1C77924466209DA2FFA239FAF21384F800034FF07DE682FB24ED5182A8
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-572801152
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,006D17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 006D15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006D1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,006D17FB,?,006D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006D16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,006D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006D16FB
  • Part of subcall function 006C3820: RtlAllocateHeap.NTDLL(00000000,?,00761444,?,006AFDF5,?,?,0069A976,00000010,00761440,006913FC,?,006913C6,?,00691129), ref: 006C3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,006D17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 006D1777
• __freea.LIBCMT ref: 006D17A2
• __freea.LIBCMT ref: 006D17AE
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
APIs
Strings
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 0070125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00701284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 007012A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007012D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 0070135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 007013C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00701430
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
• VariantInit.OLEAUT32(?), ref: 0071396B
• CharUpperBuffW.USER32(?,?), ref: 00713A7A
• _wcslen.LIBCMT ref: 00713A8A
• VariantClear.OLEAUT32(?), ref: 00713C1F
  • Part of subcall function 00700CDF: VariantInit.OLEAUT32(00000000), ref: 00700D1F
  • Part of subcall function 00700CDF: VariantCopy.OLEAUT32(?,?), ref: 00700D28
  • Part of subcall function 00700CDF: VariantClear.OLEAUT32(?), ref: 00700D34
Strings
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
APIs
  • Part of subcall function 006F000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?,?,006F035E), ref: 006F002B
  • Part of subcall function 006F000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?), ref: 006F0046
  • Part of subcall function 006F000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?), ref: 006F0054
  • Part of subcall function 006F000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?), ref: 006F0064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00714C51
• _wcslen.LIBCMT ref: 00714D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00714DCF
• CoTaskMemFree.OLE32(?), ref: 00714DDA
Strings
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
APIs
• GetMenu.USER32(?), ref: 00722183
• GetMenuItemCount.USER32(00000000), ref: 007221B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007221DD
• _wcslen.LIBCMT ref: 00722213
• GetMenuItemID.USER32(?,?), ref: 0072224D
• GetSubMenu.USER32(?,?), ref: 0072225B
  • Part of subcall function 006F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006F3A57
  • Part of subcall function 006F3A3D: GetCurrentThreadId.KERNEL32 ref: 006F3A5E
  • Part of subcall function 006F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006F25B3), ref: 006F3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007222E3
  • Part of subcall function 006FE97B: Sleep.KERNEL32 ref: 006FE9F3
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
APIs
• GetParent.USER32(?), ref: 006FAEF9
• GetKeyboardState.USER32(?), ref: 006FAF0E
• SetKeyboardState.USER32(?), ref: 006FAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 006FAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 006FAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 006FAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 006FB020
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(00000000), ref: 006FAD19
• GetKeyboardState.USER32(?), ref: 006FAD2E
• SetKeyboardState.USER32(?), ref: 006FAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 006FADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 006FADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 006FAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 006FAE38
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetConsoleCP.KERNEL32(006D3CD6,?,?,?,?,?,?,?,?,006C5BA3,?,?,006D3CD6,?,?), ref: 006C5470
• __fassign.LIBCMT ref: 006C54EB
• __fassign.LIBCMT ref: 006C5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,006D3CD6,00000005,00000000,00000000), ref: 006C552C
• WriteFile.KERNEL32(?,006D3CD6,00000000,006C5BA3,00000000,?,?,?,?,?,?,?,?,?,006C5BA3,?), ref: 006C554B
• WriteFile.KERNEL32(?,?,00000001,006C5BA3,00000000,?,?,?,?,?,?,?,?,?,006C5BA3,?), ref: 006C5584
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e9ebcce25c1befba7e77f28fba21b41263726c9a649f0b697fbba5c79c18cac2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 837a0eb5918e575b3ce42c9f8118b36eb00525ff76614e1d7faf084dfab3e7a0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e9ebcce25c1befba7e77f28fba21b41263726c9a649f0b697fbba5c79c18cac2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C51A270A006489FDB11DFA8DC41FEEBBF6EB08300F14415EE556E7291D770AA81CB64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0071304E: inet_addr.WSOCK32(?), ref: 0071307A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0071304E: _wcslen.LIBCMT ref: 0071309B
                                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000001,00000006), ref: 00711112
                                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00711121
                                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 007111C9
                                                                                                                                                                                                                                                                                                                                                                      • closesocket.WSOCK32(00000000), ref: 007111F9
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2675159561-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b19d7df4a12ed7b3b1883a317b034db61d0f3dc5eb23d803f251d67d54d27053
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: adc1519b679a168cf07275bdb0071cfe7bf22025f6c2f74b488f0d5daba782ff
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b19d7df4a12ed7b3b1883a317b034db61d0f3dc5eb23d803f251d67d54d27053
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2441C331600208AFDB219F18C885BE9B7EAEF45324F54C059FA199F2D1D778AD81CBA5
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006FCF22,?), ref: 006FDDFD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006FCF22,?), ref: 006FDE16
                                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 006FCF45
                                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 006FCF7F
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006FD005
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006FD01B
                                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 006FD061
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c1023c8752d239466602459ef48cb7baf6d3d66caea5fa5dc6f421a073bda5b0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 77df8c053d889d95d1dfb62f2e370c16901b4763ccfc95e0d8324093554295fa
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1023c8752d239466602459ef48cb7baf6d3d66caea5fa5dc6f421a073bda5b0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B841587190611C5FDF52EFA4CA81AEDB7BAAF48340F0000EAE605EB151EE34A785CB54
                                                                                                                                                                                                                                                                                                                                                                      APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00722E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00722E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00722E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00722EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00722EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00722EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00722F0B
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 4e95542d33a4556ad675365bb8a683082480599af8c153ca37839d3cf5a65ce3
• Instruction ID: 1f982543fb20e3c03212d60ad4a844473cc3f1cea71d78c2f36713dd3849ac56
• Opcode Fuzzy Hash: 4e95542d33a4556ad675365bb8a683082480599af8c153ca37839d3cf5a65ce3
• Instruction Fuzzy Hash: 0F310930A04260AFDB21CF58EC88F6537E1EB59710F5A41A4F5118F2B2CBB9E842EF45
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006F7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006F778F
• SysAllocString.OLEAUT32(00000000), ref: 006F7792
• SysAllocString.OLEAUT32(?), ref: 006F77B0
• SysFreeString.OLEAUT32(?), ref: 006F77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 006F77DE
• SysAllocString.OLEAUT32(?), ref: 006F77EC
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 02225f661e8481c9360c94f36ce6c277e5b11c63da9f616a55e7167621efdf38
• Instruction ID: 3b043534a6f931e076e3fe71fe8b563eca21d56e59d9b6725ea73e121a423b02
• Opcode Fuzzy Hash: 02225f661e8481c9360c94f36ce6c277e5b11c63da9f616a55e7167621efdf38
• Instruction Fuzzy Hash: 0E21A17660421DAFDB10EFA8CC88CFB77ADEB093647108029FA04DB250D674DC428BA4
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006F7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 006F7868
• SysAllocString.OLEAUT32(00000000), ref: 006F786B
• SysAllocString.OLEAUT32 ref: 006F788C
• SysFreeString.OLEAUT32 ref: 006F7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 006F78AF
• SysAllocString.OLEAUT32(?), ref: 006F78BD
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 1bb5380c2549c21807cd12a57271fcf1b2f7a3fdff25c9ad8ae283581ba88151
• Instruction ID: 1e728c21423f5024b3d9064f6ccbd8fdd2430639d32c2f6000e4818845308074
• Opcode Fuzzy Hash: 1bb5380c2549c21807cd12a57271fcf1b2f7a3fdff25c9ad8ae283581ba88151
• Instruction Fuzzy Hash: 67217771604108BFDB10AFA8DC89DBB77EDEB197607108135FA25CB2A5D674DC42CB68
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 007004F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0070052E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 77bdafe4b5ac38fffa133b44ddd5b6c3204e4fcecd27cea053d25bd246feccb6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: dbf10dd5ae1934f21dd07d572cc00b62c94a649d4453d2b2eca87de32d81c171
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77bdafe4b5ac38fffa133b44ddd5b6c3204e4fcecd27cea053d25bd246feccb6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16216B71500205EBDB208F29DC08F9A77F4BF55734F204B19E8A1D62E0D7749961CFA0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 007005C6
                                                                                                                                                                                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00700601
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                      • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e13c738895cd79fb8372bf49c85beafc4762bfc560f87aeaba71fc8ae336f3b7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c9b45cb5414acb60799d7a8e7d56fc36d03da13a5d8e175b0e49b8eeedbd01c9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e13c738895cd79fb8372bf49c85beafc4762bfc560f87aeaba71fc8ae336f3b7
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C521A175500305DBDB208F68DC08B9A77E5BF95730F204B19F8A1E32E0DBB59961CB94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0069600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0069604C
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0069600E: GetStockObject.GDI32(00000011), ref: 00696060
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0069600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0069606A
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00724112
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0072411F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0072412A
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00724139
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00724145
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: f63fe052c6b83ab9860cc2f4c5a1bda756ca56a59ee51b42e5e7fec6ca99fe15
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e27ef221a7f6a0927f7f2914c9d655b32eb115606aa7c7d7975b31ebac056d1c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f63fe052c6b83ab9860cc2f4c5a1bda756ca56a59ee51b42e5e7fec6ca99fe15
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD11B6B114022DBEEF218F64DC85EE77F5DEF08798F014110FA18A2090CB769C61DBA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006CD7A3: _free.LIBCMT ref: 006CD7CC
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD82D
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000), ref: 006C29DE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: GetLastError.KERNEL32(00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000,00000000), ref: 006C29F0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD838
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD843
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD897
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD8A2
• _free.LIBCMT ref: 006CD8AD
• _free.LIBCMT ref: 006CD8B8
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: ec516eb2eda0b2e6b4768e10d5ec6f2de4c50470db1d7bd4245632b5f0904a3d
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: C4115E71540B04AAD6A1BFB1CC47FEB7BDEEF00B00F40083DB69DA6892DA75F5058664
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 006FDA74
• LoadStringW.USER32(00000000), ref: 006FDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 006FDA91
• LoadStringW.USER32(00000000), ref: 006FDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 006FDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 006FDAB9
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: cc4b6f428f297955e6106be4798737b9b4aef3931a2b22fb4b13f7b10f19c317
• Instruction ID: df9cc11d0c3b99570bb4954622b415e407b6b5c6ac851aa2c674bf44cd969c09
• Opcode Fuzzy Hash: cc4b6f428f297955e6106be4798737b9b4aef3931a2b22fb4b13f7b10f19c317
• Instruction Fuzzy Hash: CC0162F250020C7FE7519BA0DD89EFB326CEB08701F4044A6B706E2141E6789E854F78
APIs
• InterlockedExchange.KERNEL32(010AE220,010AE220), ref: 0070097B
• EnterCriticalSection.KERNEL32(010AE200,00000000), ref: 0070098D
• TerminateThread.KERNEL32(?,000001F6), ref: 0070099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 007009A9
• CloseHandle.KERNEL32(?), ref: 007009B8
• InterlockedExchange.KERNEL32(010AE220,000001F6), ref: 007009C8
• LeaveCriticalSection.KERNEL32(010AE200), ref: 007009CF
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
• Opcode ID: 6002d50573c718a7d5c1ed0cf7ea4ed5e0246ba620969c6aef257921bf9c60b6
• Instruction ID: 271d112988899a434b8227fbf1b93773224283d1b0226de1884189eeb6bb2037
• Opcode Fuzzy Hash: 6002d50573c718a7d5c1ed0cf7ea4ed5e0246ba620969c6aef257921bf9c60b6
• Instruction Fuzzy Hash: 86F01D31442902EBD7625B94EE8DBDA7A65BF11712F505115F101508A1CB78A466CFD4
APIs
• __WSAFDIsSet.WSOCK32(00000000,?), ref: 00711DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00711DE1
• WSAGetLastError.WSOCK32 ref: 00711DF2
• htons.WSOCK32(?), ref: 00711EDB
• inet_ntoa.WSOCK32(?), ref: 00711E8C
  • Part of subcall function 006F39E8: _strlen.LIBCMT ref: 006F39F2
  • Part of subcall function 00713224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,0070EC0C), ref: 00713240
• _strlen.LIBCMT ref: 00711F35
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 74e57e696f3cb3582e114a698b9e1397e254b57a43720b1f44d40b8599d647ea
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 02423c66d74dfd3586dc2a0968a3ecc2f2dc61b86138afc0729017fc6941b6ad
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e57e696f3cb3582e114a698b9e1397e254b57a43720b1f44d40b8599d647ea
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98B10631204300AFD724DF28C885E6A7BEAAF85318F94854CF5565F2E2DB35ED82CB91
APIs
• __allrem.LIBCMT ref: 006C00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006C00D6
• __allrem.LIBCMT ref: 006C00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006C010B
• __allrem.LIBCMT ref: 006C0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006C0140
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 8738ebf1ea63320febe0511518ecdb164176111503a9c9288e1add627540532e
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: B381C4B1A007069BE7209F69CC42FBAB3EAEF41724F28453EF551D6791E770D9408754
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,006B82D9,006B82D9,?,?,?,006C644F,00000001,00000001,8BE85006), ref: 006C6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,006C644F,00000001,00000001,8BE85006,?,?,?), ref: 006C62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 006C63D8
• __freea.LIBCMT ref: 006C63E5
  • Part of subcall function 006C3820: RtlAllocateHeap.NTDLL(00000000,?,00761444,?,006AFDF5,?,?,0069A976,00000010,00761440,006913FC,?,006913C6,?,00691129), ref: 006C3852
• __freea.LIBCMT ref: 006C63EE
• __freea.LIBCMT ref: 006C6413
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: fb9b905028b2918eb62028db91b55c90986d4c486b9f2f102960971bb997cc07
• Instruction ID: 77164e5f5074df36e3ff4a26e3a9cefec4982183426661b107b68711517e269d
• Opcode Fuzzy Hash: fb9b905028b2918eb62028db91b55c90986d4c486b9f2f102960971bb997cc07
• Instruction Fuzzy Hash: 4F51A072600256ABEB258F64CC81FFF77ABEB44750F15862DF809D6281DB34DD41C6A8
APIs
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
  • Part of subcall function 0071C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0071B6AE,?,?), ref: 0071C9B5
  • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071C9F1
  • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071CA68
  • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0071BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0071BD25
• RegCloseKey.ADVAPI32(00000000), ref: 0071BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0071BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0071BDF3
• RegCloseKey.ADVAPI32(?), ref: 0071BDFF
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 57b6520112fd082528fbfa526221a6674de7f0db612e6f13aec6f86c1aec0735
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 82cb57ef0834f03060ef4e06c1f27d47ec2c5feac83e4dac240a1f68d075d4fd
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 57b6520112fd082528fbfa526221a6674de7f0db612e6f13aec6f86c1aec0735
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32819130208241EFD715DF68C895E6ABBE9FF84308F14895CF4954B2A2DB35ED45CB92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • VariantInit.OLEAUT32(00000035), ref: 006EF7B9
                                                                                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000001), ref: 006EF860
                                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(006EFA64,00000000), ref: 006EF889
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(006EFA64), ref: 006EF8AD
                                                                                                                                                                                                                                                                                                                                                                      • VariantCopy.OLEAUT32(006EFA64,00000000), ref: 006EF8B1
                                                                                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 006EF8BB
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2b33dd7a72ecea23dc41182cac8c18c7fc5f38d9be44c78acd0b3e56d9ad49cb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e494f14fe84ac3ff30eddb647c2b9fbe4d56c46c4df3449fc148be7b67e11b2d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2b33dd7a72ecea23dc41182cac8c18c7fc5f38d9be44c78acd0b3e56d9ad49cb
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F851EB31902350FBDF60AF66D89572973EAEF45710F20946AF805DF292DB708C41CB5A
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00697620: _wcslen.LIBCMT ref: 00697625
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
                                                                                                                                                                                                                                                                                                                                                                      • GetOpenFileNameW.COMDLG32(00000058), ref: 007094E5
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 00709506
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0070952D
                                                                                                                                                                                                                                                                                                                                                                      • GetSaveFileNameW.COMDLG32(00000058), ref: 00709585
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d3239e8cbf20c9cba3d1c1b814ba24c63b4edce95f560629c2331780da5befc4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6e39a09fd284416817fc69f7bf3a2752b4224f5d1cbfbb56a1bf56fcfad6f2bb
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d3239e8cbf20c9cba3d1c1b814ba24c63b4edce95f560629c2331780da5befc4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8E1BF71508340DFCB64EF24C881A6AB7E5BF85314F048A6DF9899B2A2DB34DD05CB96
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?,?), ref: 006A9241
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 006A92A5
                                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 006A92C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 006A92D3
• EndPaint.USER32(?,?,?,?,?), ref: 006A9321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 006E71EA
  • Part of subcall function 006A9339: BeginPath.GDI32(00000000), ref: 006A9357
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 6df6d7ac9521e5bc01cfe5f06e94301562b97c474a0640671f3c17f6af74007c
• Instruction ID: 4299a1aac08e92014f0155daee93f48ab26c636a7567594894ecea16aa75b7ee
• Opcode Fuzzy Hash: 6df6d7ac9521e5bc01cfe5f06e94301562b97c474a0640671f3c17f6af74007c
• Instruction Fuzzy Hash: E541B030105340AFD721EF24C889FAA7BBAEF56320F284229F955872A1C775AC45DF65
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 0070080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00700847
• EnterCriticalSection.KERNEL32(?), ref: 00700863
• LeaveCriticalSection.KERNEL32(?), ref: 007008DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 007008F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00700921
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 627192c47e2b4edf94256a1e435d53e461a29dc564cb844c0f88fdb95e017790
• Instruction ID: e4d2140dce2d43c79701d1bcc2e2d5a60020b1be987a7e8f80e89e3ca810334b
• Opcode Fuzzy Hash: 627192c47e2b4edf94256a1e435d53e461a29dc564cb844c0f88fdb95e017790
• Instruction Fuzzy Hash: AF41AF71900205EFDF15AF94DC85AAA77B9FF04310F1080A9ED009A297DB74EE61DFA8
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,006EF3AB,00000000,?,?,00000000,?,006E682C,00000004,00000000,00000000), ref: 0072824C
• EnableWindow.USER32(?,00000000), ref: 00728272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 007282D1
• ShowWindow.USER32(?,00000004), ref: 007282E5
• EnableWindow.USER32(?,00000001), ref: 0072830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0072832F
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 7f1b83efc0f5e431a608e98b05243465e09e84eadf36c93f8b297fbc28d5314f
• Instruction ID: f173e61c059d0aade1f5f3a518f927886064f04e6e59d090f8a84b66709caced
• Opcode Fuzzy Hash: 7f1b83efc0f5e431a608e98b05243465e09e84eadf36c93f8b297fbc28d5314f
• Instruction Fuzzy Hash: 9341C730602754EFDB61CF14E899BE87BE0FB05714F1891A9E5094B263CB7BA841CF56
APIs
• IsWindowVisible.USER32(?), ref: 006F4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 006F4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 006F4CEA
• _wcslen.LIBCMT ref: 006F4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 006F4D10
• _wcsstr.LIBVCRUNTIME ref: 006F4D1A
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 6807d4c8fd8283d7eb1612a8199f6904649c7ef73a318073d3c840de9171f52e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 761b869a4cc6bbca9e363d37992bec2e20dec6e33dd963a5408920932d4f8572
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6807d4c8fd8283d7eb1612a8199f6904649c7ef73a318073d3c840de9171f52e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22214931204204BBEB255B39DC09EBF7BDEDF45750F10806DF905CA292DE64CC0186A4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00693AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00693A97,?,?,00692E7F,?,?,?,00000000), ref: 00693AC2
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0070587B
                                                                                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00705995
                                                                                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(0072FCF8,00000000,00000001,0072FB68,?), ref: 007059AE
                                                                                                                                                                                                                                                                                                                                                                      • CoUninitialize.OLE32 ref: 007059CC
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a4c31210ebc9f2daca656a18755d8877fe3fc0170228d7484b406edfeb4f6125
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2bdbca0d229cecf3ca66e53bce004f76aae2987732395b28da863b93f1ef7c67
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4c31210ebc9f2daca656a18755d8877fe3fc0170228d7484b406edfeb4f6125
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FD133B1608601DFCB14DF24C48492ABBE6EF89710F158A5DF8899B2A1DB35EC45CF92
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006F0FCA
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006F0FD6
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006F0FE5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006F0FEC
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006F1002
                                                                                                                                                                                                                                                                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,006F1335), ref: 006F17AE
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 006F17BA
                                                                                                                                                                                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 006F17C1
                                                                                                                                                                                                                                                                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 006F17DA
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,006F1335), ref: 006F17EE
                                                                                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 006F17F5
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 29bd4fbf93dc55e29d00d141922d58c835e4c66ae04bf93dbb2d2f78cd214d42
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 1df5e5a4c4e0211df7fec05fc53f9530b3e8cc771084803fa8286607e55d841c
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29bd4fbf93dc55e29d00d141922d58c835e4c66ae04bf93dbb2d2f78cd214d42
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 55117C71901209EFDB21AFA4CC4ABFF7BAAEB46395F108018F5459B210D739AA45CB64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006F14FF
                                                                                                                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 006F1506
                                                                                                                                                                                                                                                                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006F1515
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 006F1520
                                                                                                                                                                                                                                                                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006F154F
                                                                                                                                                                                                                                                                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 006F1563
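The "APIs" listings in these function records are what the report's behavioural signatures are built from: the token-groups walk (GetTokenInformation with class 2, then GetLengthSid/CopySid) in the record above, and OpenProcessToken, CreateEnvironmentBlock and CreateProcessWithLogonW in this one, which is the sequence behind "Contains functionality to launch a process as a different user". As an added example, not part of the Joe Sandbox report, here is a small Python parser for this listing format that matches ordered API sequences against a record. The signature names and the sample trace are my own construction (the sample lines are copied in the shape of the records above), and the sequence table is illustrative, not Joe Sandbox's own rule set.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied in the shape of the "APIs" listings in this report.
SAMPLE_TRACE = """\
• _wcsstr.LIBVCRUNTIME ref: 006F4D1A
• Part of subcall function 006F0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006F0FCA
• Part of subcall function 006F0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006F0FD6
• GetLengthSid.ADVAPI32(?,00000000,006F1335), ref: 006F17AE
• HeapAlloc.KERNEL32(00000000), ref: 006F17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 006F17DA
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 006F14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 006F1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 006F1515
• CloseHandle.KERNEL32(00000004), ref: 006F1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 006F154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 006F1563
"""

# One "APIs" line: optional "Part of subcall function X:" prefix, Name.MODULE, optional
# parenthesised stack values, then "ref: <call-site address>".
_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][\w$]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Hypothetical ordered-sequence signatures (my own, for illustration): every API in the
# list must appear in this order within one record, other calls may sit in between.
SIGNATURES = {
    "launch_as_different_user": ["OpenProcessToken", "CreateEnvironmentBlock", "CreateProcessWithLogonW"],
    "token_group_enumeration": ["GetTokenInformation", "GetLengthSid", "CopySid"],
    "shell_link_via_com": ["CoInitialize", "CoCreateInstance", "CoUninitialize"],
}

# TOKEN_INFORMATION_CLASS values for the second GetTokenInformation argument.
_TOKEN_INFORMATION_CLASS = {1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges",
                            4: "TokenOwner", 5: "TokenPrimaryGroup"}


@dataclass(frozen=True)
class ApiCall:
    api: str
    module: str
    args: tuple          # raw stack values as printed, e.g. "?" or "00000002"
    ref: str             # call-site address
    subcall: Optional[str]  # address of the callee this line was lifted from, if any


def parse_trace(text: str) -> list:
    """Parse an 'APIs' listing into ApiCall records; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        raw = m["args"]
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m["api"], m["mod"], args, m["ref"].upper(), m["sub"]))
    return calls


def match_sequence(calls: list, pattern: list) -> Optional[list]:
    """Return the call-site refs of an in-order match of `pattern`, or None if it is absent."""
    refs, i = [], 0
    for call in calls:
        if i < len(pattern) and call.api == pattern[i]:
            refs.append(call.ref)
            i += 1
    return refs if i == len(pattern) else None


def detect_sequences(calls: list) -> dict:
    """Run every signature over one record and report the matches with their refs."""
    hits = {}
    for name, pattern in SIGNATURES.items():
        refs = match_sequence(calls, pattern)
        if refs is not None:
            hits[name] = refs
    return hits


def token_information_class(arg: str) -> str:
    """Decode the TokenInformationClass argument; unresolved values such as '?' pass through."""
    try:
        value = int(arg, 16)
    except ValueError:
        return arg
    return _TOKEN_INFORMATION_CLASS.get(value, f"TokenInformationClass({value})")


def describe_call(call: ApiCall) -> str:
    """Human-readable line; only the unambiguous GetTokenInformation class argument is decoded."""
    text = f"{call.api}.{call.module} @ {call.ref}"
    if call.api == "GetTokenInformation" and len(call.args) >= 2:
        text += f" [class={token_information_class(call.args[1])}]"
    return text


if __name__ == "__main__":
    parsed = parse_trace(SAMPLE_TRACE)
    for c in parsed:
        print(describe_call(c))
    print(detect_sequences(parsed))
```

The parser deliberately keeps the parenthesised values as opaque strings: as the GetCurrentProcess entry in this record shows (a function with no parameters printed with two values), they are whatever sat on the stack at the call site, so only an argument whose position is unambiguous, such as the GetTokenInformation class, is worth decoding. Sequence matching is per record; the "Part of subcall function" prefix is retained so a hit can be traced back to the callee rather than the function being listed.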
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 31da737e908fbe2447a1961c451c98cab3f87b0bc70abaa26b0be776ad06361e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 5199466df692802c2df0019b7075f15ddc02869607b4573a2536a91f68c3573a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 31da737e908fbe2447a1961c451c98cab3f87b0bc70abaa26b0be776ad06361e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E411597250020DEBDF22CF98DD49BEE7BAAEF49744F148018FA05A6160C3758E61DB64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,006B3379,006B2FE5), ref: 006B3390
                                                                                                                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 006B339E
                                                                                                                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006B33B7
                                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,006B3379,006B2FE5), ref: 006B3409
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9beef5a3fe05452514fc9c3ba4abc5c76e996490a09eabb74926df93d0b12d18
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e666d1d653c4930c8c21d00fc0b921f78597412a4b778b55493c003d5fb25d49
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9beef5a3fe05452514fc9c3ba4abc5c76e996490a09eabb74926df93d0b12d18
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0001F5B2308331BEA6262774AC867E72BD6DB15376720422DF410853F1FF524D82934C
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,006C5686,006D3CD6,?,00000000,?,006C5B6A,?,?,?,?,?,006BE6D1,?,00758A48), ref: 006C2D78
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2DAB
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006C2DD3
                                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,?,006BE6D1,?,00758A48,00000010,00694F4A,?,?,00000000,006D3CD6), ref: 006C2DE0
                                                                                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,?,?,?,?,006BE6D1,?,00758A48,00000010,00694F4A,?,?,00000000,006D3CD6), ref: 006C2DEC
                                                                                                                                                                                                                                                                                                                                                                      • _abort.LIBCMT ref: 006C2DF2
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9a5c26ad69e386c237d2e1140d76f7b402ffcbe925bc0984fcc152236ce38fb4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 83e0cab17c1978bfe0fc34184b241cd3abc46c6cd6f08ff05e447e5232709a41
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a5c26ad69e386c237d2e1140d76f7b402ffcbe925bc0984fcc152236ce38fb4
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EF0A931505B0267C66377356C36FBE155BEFE2761F24851CFC25922D2DE38990241A9
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 006A9693
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9639: SelectObject.GDI32(?,00000000), ref: 006A96A2
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9639: BeginPath.GDI32(?), ref: 006A96B9
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9639: SelectObject.GDI32(?,00000000), ref: 006A96E2
                                                                                                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00728A4E
                                                                                                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000003,00000000), ref: 00728A62
                                                                                                                                                                                                                                                                                                                                                                      • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00728A70
                                                                                                                                                                                                                                                                                                                                                                      • LineTo.GDI32(?,00000000,00000003), ref: 00728A80
• EndPath.GDI32(?), ref: 00728A90
• StrokePath.GDI32(?), ref: 00728AA0
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 19421ae1d1543dc63e93cc94f69e55b37e9be776875f42f67e30789a8a4b4165
• Instruction ID: 942a4d1ec3812e7507a0a424bc83e746d93eb9f006c927c58c1826f28755538a
• Opcode Fuzzy Hash: 19421ae1d1543dc63e93cc94f69e55b37e9be776875f42f67e30789a8a4b4165
• Instruction Fuzzy Hash: B411FA7600015CFFEF229F94DC48E9A7F6DEB08350F04C011BA1599161C775AD55DBA4
APIs
• GetDC.USER32(00000000), ref: 006F5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 006F5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 006F5230
• ReleaseDC.USER32(00000000,00000000), ref: 006F5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 006F524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 006F5261
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CapsDevice$Release
• String ID:
• API String ID: 1035833867-0
• Opcode ID: 2a6d64333a671e2a70768c3cb5ccdbd0f8bdf2fa07ef6b170cdcb485a8bdfb36
• Instruction ID: 9fee817deb967d8460b6620572d297d64a701c2f1cbc605ecc5890bffcfa26e0
• Opcode Fuzzy Hash: 2a6d64333a671e2a70768c3cb5ccdbd0f8bdf2fa07ef6b170cdcb485a8bdfb36
• Instruction Fuzzy Hash: F601DF71E00708BBEB209BA68C49A5EBFB8EF48711F048065FB04A7281D6308C01CBA4
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00691BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00691BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00691C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00691C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00691C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00691C22
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: df4fd9f77e19356f200de3700fa455d635c0b5f8bc2136db64aad0b49f6513f7
• Instruction ID: d763055220a2018ed855a8fda70f5a5f9fbc7c8acd333a07f84928eed03cbbdb
• Opcode Fuzzy Hash: df4fd9f77e19356f200de3700fa455d635c0b5f8bc2136db64aad0b49f6513f7
• Instruction Fuzzy Hash: 6C0167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00415BA15C4BA42C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 006FEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 006FEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 006FEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006FEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006FEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 006FEB75
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 48bb6cb32eeb6e77e1ab4c103b718787789fc1e42aac8f59c02f2519fb50f09c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b8c205c8108368cbb1292ebbdd5d839041ecc6cacc598f2c55977b23032515cb
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 48bb6cb32eeb6e77e1ab4c103b718787789fc1e42aac8f59c02f2519fb50f09c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D0F05EB2240558BBE7325B629C0EEEF3E7DEFDAB11F008158F601D1191D7A85A02C6B9
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?), ref: 006E7452
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001328,00000000,?), ref: 006E7469
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowDC.USER32(?), ref: 006E7475
                                                                                                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,?), ref: 006E7484
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 006E7496
                                                                                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000005), ref: 006E74B0
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: 05b3f84c384e240deb72a7fc1ac9d02eef92765e48b1021b3a8d8210d34b7d80
• Instruction ID: 9579599ad28b318999a3898d165a05823109d515f84604f1dd3ba09eca866123
• Opcode Fuzzy Hash: 05b3f84c384e240deb72a7fc1ac9d02eef92765e48b1021b3a8d8210d34b7d80
• Instruction Fuzzy Hash: 87018B31400205EFDB225F65DC08BEE7BB6FF14311F608060F916A21A1CB392E52AB54
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 006F187F
• UnloadUserProfile.USERENV(?,?), ref: 006F188B
• CloseHandle.KERNEL32(?), ref: 006F1894
• CloseHandle.KERNEL32(?), ref: 006F189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 006F18A5
• HeapFree.KERNEL32(00000000), ref: 006F18AC
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 367aeb0924e99adf870a71b71b81483115a1dd1336382442898f5fe6ce60ca1b
• Instruction ID: 0318f70b35a068742965eb353d14bf2efe3f9a69daf88d30e9db50bf0edd3550
• Opcode Fuzzy Hash: 367aeb0924e99adf870a71b71b81483115a1dd1336382442898f5fe6ce60ca1b
• Instruction Fuzzy Hash: 85E0E576004505BBDB125FA1ED0E90EBF39FF69B22B20C628F22581075CB369832DF58
APIs
• __Init_thread_footer.LIBCMT ref: 0069BEB3
Strings
Similarity
• API ID: Init_thread_footer
• String ID: D%v$D%v$D%v$D%vD%v
• API String ID: 1385522511-1917565954
• Opcode ID: e0391e1774c9a73e82c907f8cdb451a5385c40e6652b8b05e15404f986d10790
• Instruction ID: fa5671fbc8f85154876f06036ed21bf98953ff14eed509c3af46eba3c1a978ca
• Opcode Fuzzy Hash: e0391e1774c9a73e82c907f8cdb451a5385c40e6652b8b05e15404f986d10790
• Instruction Fuzzy Hash: EB918A75A0020ACFCF18CF58D1906AAB7F6FF58310F24916AD942AB751D771AD82CB90
APIs
• Part of subcall function 006B0242: EnterCriticalSection.KERNEL32(0076070C,00761884,?,?,006A198B,00762518,?,?,?,006912F9,00000000), ref: 006B024D
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B0242: LeaveCriticalSection.KERNEL32(0076070C,?,006A198B,00762518,?,?,?,006912F9,00000000), ref: 006B028A
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B00A3: __onexit.LIBCMT ref: 006B00A9
                                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 00717BFB
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B01F8: EnterCriticalSection.KERNEL32(0076070C,?,?,006A8747,00762514), ref: 006B0202
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B01F8: LeaveCriticalSection.KERNEL32(0076070C,?,006A8747,00762514), ref: 006B0235
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: +Tn$5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 535116098-3084022385
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9cbd4745ddeda71061adcee2e6873bdb4dbb27a13d41381993b1d72599972ed9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e9f833d0bd5aec2ab18358d556f59e227d41aff8a8fcd91a1b7945d6c6e269ad
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9cbd4745ddeda71061adcee2e6873bdb4dbb27a13d41381993b1d72599972ed9
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 44918D70A04209EFCB18EF98D8959EDB7B6FF44300F10805DF8469B292DB75AE85CB65
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00697620: _wcslen.LIBCMT ref: 00697625
                                                                                                                                                                                                                                                                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006FC6EE
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006FC735
                                                                                                                                                                                                                                                                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 006FC79C
                                                                                                                                                                                                                                                                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 006FC7CA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: ace1a23a28418da50ad9cc7a35077d9751fa52ad043626ae0be58ed396aa82e0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c1da0bbcf488f77d529b37834bc01cc8a573fe04b74c4e9a7c777845c308b6a3
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ace1a23a28418da50ad9cc7a35077d9751fa52ad043626ae0be58ed396aa82e0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6651E17160830C9BD755AF28CA85ABB77EAAF85320F040A2DFA95D3290DB74DD04CB56
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(0000003C), ref: 0071AEA3
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00697620: _wcslen.LIBCMT ref: 00697625
                                                                                                                                                                                                                                                                                                                                                                      • GetProcessId.KERNEL32(00000000), ref: 0071AF38
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0071AF67
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: 875d4e96d4b25edda0a744048933d6950303d344ceecea01a6c01b9dd93187e7
• Instruction ID: 65954df1850ce0102d4c64dcf9af5b900fb1e10586645c2da0d6456718edd6a0
• Opcode Fuzzy Hash: 875d4e96d4b25edda0a744048933d6950303d344ceecea01a6c01b9dd93187e7
• Instruction Fuzzy Hash: 37715871A00615EFCF14DF58C485A9EBBF5AF08310F04849DE816AB692CB78ED85CB95
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 006F7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 006F723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 006F724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 006F72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: b031369d2c9672e05c0985a3957df347a4ca1ff8545e781aa815a32cbc0eafa4
• Instruction ID: 69dad579e40cd9a6c533e577aa5a6aa16fd93e7fc7a323448f267768209aeecc
• Opcode Fuzzy Hash: b031369d2c9672e05c0985a3957df347a4ca1ff8545e781aa815a32cbc0eafa4
• Instruction Fuzzy Hash: 6B4162B1604208EFDB15CF54C885AAA7BBAEF44310F1480ADFE059F20AD7B5DE45CBA0
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00722F8D
• LoadLibraryW.KERNEL32(?), ref: 00722F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00722FA9
• DestroyWindow.USER32(?), ref: 00722FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 6c302e2480e4df956e1ba285eaf4370a9a05cd7104c1d3b75945b5225d2e9c4b
• Instruction ID: 7033ef59be49d3f45eb5c22aad125174c76b681d02a864ac468c6b53c8c74d0f
• Opcode Fuzzy Hash: 6c302e2480e4df956e1ba285eaf4370a9a05cd7104c1d3b75945b5225d2e9c4b
• Instruction Fuzzy Hash: A821DC72200225BBEB218F64ED84EBB37BDEB58364F104618FA10D20A1C779DC429760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,006B4D1E,006C28E9,?,006B4CBE,006C28E9,007588B8,0000000C,006B4E15,006C28E9,00000002), ref: 006B4D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006B4DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,006B4D1E,006C28E9,?,006B4CBE,006C28E9,007588B8,0000000C,006B4E15,006C28E9,00000002,00000000), ref: 006B4DC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 744d5a3fd940e771ae4fa9e148191d17470ecc5f8906c30acb2349f8e76bd372
• Instruction ID: 3898633a9579eac10300665b2aa0984fc95eb4b4d52d57b749eda791bce33180
• Opcode Fuzzy Hash: 744d5a3fd940e771ae4fa9e148191d17470ecc5f8906c30acb2349f8e76bd372
• Instruction Fuzzy Hash: FDF0A470500208BBDB119F90DC09BDDBFB5EF04751F004094F805A2261CF345A81CBD4
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00694EDD,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00694EAE
• FreeLibrary.KERNEL32(00000000,?,?,00694EDD,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694EC0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3db201fe8615216bb63c5bf52d2d25f3f05a34e01bcfcb368f2755ce53794fc2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 47fdd2fca24671cf6a29670e8c8b8f4f9516c7b17db63d21e648f31bf2b5b076
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3db201fe8615216bb63c5bf52d2d25f3f05a34e01bcfcb368f2755ce53794fc2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34E0CD75A016325BD63317257C19F9F655DAFA1F637054115FC01D2310DF68CD1380E4
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,006D3CDE,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00694E74
• FreeLibrary.KERNEL32(00000000,?,?,006D3CDE,?,00761418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00694E87
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 0ee6d01ff98c75d4c578720cf06561b2c668f30d41f7e7c6413c27ab4354050a
• Instruction ID: 962d3ebc90882d8017b2a69cefee88c2151d7ddf02e9cfc94c05187673da0d5a
• Opcode Fuzzy Hash: 0ee6d01ff98c75d4c578720cf06561b2c668f30d41f7e7c6413c27ab4354050a
• Instruction Fuzzy Hash: AED0C272902A31574A331B247C09DCF2A1EAF85B513054110BC00A2310CF68CE13C1D4
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00702C05
• DeleteFileW.KERNEL32(?), ref: 00702C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00702C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00702CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00702CC0
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: e2d4a356047e0d13c5101f178ab92a6d4e74b760fb58b1b0c49acbfe4f0ce08a
• Instruction ID: 2f135f59602586b60ec7b814c8faf200c1f643d98e260da70c84270e2d33e1d0
• Opcode Fuzzy Hash: e2d4a356047e0d13c5101f178ab92a6d4e74b760fb58b1b0c49acbfe4f0ce08a
• Instruction Fuzzy Hash: 8DB163B2D00119EBDF21DBA4CC49EDE77BDEF09350F1041AAF909E6182EA349A458F65
APIs
• GetCurrentProcessId.KERNEL32 ref: 0071A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0071A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0071A468
• CloseHandle.KERNEL32(?), ref: 0071A63D
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: d000167c1f6493054eccd1b90977af5b4adba64b8e6b1f4b2b4e4d6dd2386d70
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9a130f682a5b98b7d4da41de44b25be2f325876a1c297f028d6d7bc70774ee2f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d000167c1f6493054eccd1b90977af5b4adba64b8e6b1f4b2b4e4d6dd2386d70
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72A1C371604300AFD760DF28C886F2AB7E6AF84724F14881DF55A9B6D2D774EC41CB96
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00733700), ref: 006CBB91
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,0076121C,000000FF,00000000,0000003F,00000000,?,?), ref: 006CBC09
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00761270,000000FF,?,0000003F,00000000,?), ref: 006CBC36
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CBB7F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000), ref: 006C29DE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: GetLastError.KERNEL32(00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000,00000000), ref: 006C29F0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CBD4B
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 73d50510c03c4e27fb6fda2cf09b934120d04ccd0e74cdea6dc18994b6bec94d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: caa245e063a31c04d0230d5e73ad23a5d33d10a3980435b98172995aea7f459d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 73d50510c03c4e27fb6fda2cf09b934120d04ccd0e74cdea6dc18994b6bec94d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D510471900309AFCB10EF658C86EBEB7BAFF40310F14526EE515E7291EB709E418B98
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,006FCF22,?), ref: 006FDDFD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,006FCF22,?), ref: 006FDE16
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FE199: GetFileAttributesW.KERNEL32(?,006FCF95), ref: 006FE19A
                                                                                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 006FE473
                                                                                                                                                                                                                                                                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 006FE4AC
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006FE5EB
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006FE603
                                                                                                                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 006FE650
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: be3630ff779d11a5e898a39b0a955d69195284bd9e1a4a04cd830023fb2ca8f3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4a30d724da8039ba13f85ffa52a42f226b4ae463b1534ee9a1aa5c9aaecb0e58
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be3630ff779d11a5e898a39b0a955d69195284bd9e1a4a04cd830023fb2ca8f3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 765184B24083489BC774EB94DC819EF77EEAF94340F00491EF689D3151EF75A688876A
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0071C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0071B6AE,?,?), ref: 0071C9B5
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071C9F1
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071CA68
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0071C998: _wcslen.LIBCMT ref: 0071CA9E
                                                                                                                                                                                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0071BAA5
                                                                                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0071BB00
                                                                                                                                                                                                                                                                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0071BB63
                                                                                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 0071BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 0071BBB3
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 92c647de275539642ec72061c207862aa8ba3b6962212a7f7c563cea7d4fbbb6
• Instruction ID: 3d5d30b2dbeb81246b1a2d6653230034e337a770ecf229e8e6a73f4fe89eec86
• Opcode Fuzzy Hash: 92c647de275539642ec72061c207862aa8ba3b6962212a7f7c563cea7d4fbbb6
• Instruction Fuzzy Hash: 2B61C671108241EFD714DF68C890E6ABBE9FF84308F14855CF4994B6A2DB35ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 006F8BCD
• VariantClear.OLEAUT32 ref: 006F8C3E
• VariantClear.OLEAUT32 ref: 006F8C9D
• VariantClear.OLEAUT32(?), ref: 006F8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 006F8D3B
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 4fc308b3de3ba52f030001631584a5e3be5c4f2db13762d37f25e77564a8c59f
• Instruction ID: 685adbedbf3da1f1bebf7c98bead7be3187082a26ab6dad89962ea639f74a4a8
• Opcode Fuzzy Hash: 4fc308b3de3ba52f030001631584a5e3be5c4f2db13762d37f25e77564a8c59f
• Instruction Fuzzy Hash: 50517BB5A00619EFCB10CF68C884AAABBF9FF89310B158599F905DB354E734E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00708BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00708BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00708C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00708C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00708C5F
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 206e3a5d1e4cf8799a1b1c12a43608d83e778373793f3ed430450c89d7b8237f
• Instruction ID: ee0ceb1dfdcd01c6d921fc668b03e9d4aec27db8069e293b6d3772950ab37f06
• Opcode Fuzzy Hash: 206e3a5d1e4cf8799a1b1c12a43608d83e778373793f3ed430450c89d7b8237f
• Instruction Fuzzy Hash: 7F515E35A00214DFDF51DF54C88096DBBF6BF49314F048098E8495B362DB35ED41CB95
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00718F40
                                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00718FD0
                                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,00000000), ref: 00718FEC
                                                                                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00719032
                                                                                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 00719052
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00701043,?,75C0E610), ref: 006AF6E6
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006AF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,006EFA64,00000000,00000000,?,?,00701043,?,75C0E610,?,006EFA64), ref: 006AF70D
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00726C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00726C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00726C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,0070AB79,00000000,00000000), ref: 00726C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00726CC7
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetCursorPos.USER32(?), ref: 006A9141
• ScreenToClient.USER32(00000000,?), ref: 006A915E
• GetAsyncKeyState.USER32(00000001), ref: 006A9183
• GetAsyncKeyState.USER32(00000002), ref: 006A919D
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 007038CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00703922
• TranslateMessage.USER32(?), ref: 0070394B
• DispatchMessageW.USER32(?), ref: 00703955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00703966
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e3e5f797b783419d82f2380a94b4910b5cfaaeb433885c4bb660fefdc802f906
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 439a3cbdd574e2f2ec698ff09c286b1d523a4050c9724748bcb60c34fc107743
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3e5f797b783419d82f2380a94b4910b5cfaaeb433885c4bb660fefdc802f906
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E631C570914342DEEB35CB359808BA637ECAB11308F588669D467921D0D3ECB685CB25
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,0070C21E,00000000), ref: 0070CF38
                                                                                                                                                                                                                                                                                                                                                                      • InternetReadFile.WININET(?,00000000,?,?), ref: 0070CF6F
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,?,?,?,0070C21E,00000000), ref: 0070CFB4
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0070C21E,00000000), ref: 0070CFC8
                                                                                                                                                                                                                                                                                                                                                                      • SetEvent.KERNEL32(?,?,00000000,?,?,?,0070C21E,00000000), ref: 0070CFF2
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a5fdca22b08056b8a2b9dc01cc622590ed82486f423306499f86adc24bd01817
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3d736b33c8c97891241db087c5ce4c67458c8343b3ad51ae997a60f0c6db1662
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5fdca22b08056b8a2b9dc01cc622590ed82486f423306499f86adc24bd01817
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1314F72500206EFDB26DFA5C8849AFBBF9EF14354B10862EF506D2181DB38BE419B61
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 006F1915
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000201,00000001), ref: 006F19C1
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?), ref: 006F19C9
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000001,00000202,00000000), ref: 006F19DA
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?), ref: 006F19E2
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8b1b471e24c08748037e6358ee9b1beb67b964800a20ea2b5a0ffa419ebeb638
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e3aa45e66d08fe5217f7506d2366c4da8a012c3f3dc6ba4474b99dc5301ed8ed
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8b1b471e24c08748037e6358ee9b1beb67b964800a20ea2b5a0ffa419ebeb638
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D31F67190021DEFCB14CFA8CD59AEE3BB6EB05314F008229FA21AB2D0C3B09D55CB90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00725745
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 0072579D
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007257AF
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007257BA
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00725816
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d4a5ea02faf02f5d81f774910fda9296bea4d6c6015d6710fdfe2bfd408b39b2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a16e9c441754dd5f7de171d515b4804a799a337271ce01a06a18a3148af88a53
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4a5ea02faf02f5d81f774910fda9296bea4d6c6015d6710fdfe2bfd408b39b2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3C21A571904628DADB209F60EC84EEDB7B8FF14320F108256E929EB180D7789AC5CF50
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • IsWindow.USER32(00000000), ref: 00710951
                                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00710968
                                                                                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 007109A4
                                                                                                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,?,00000003), ref: 007109B0
                                                                                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000003), ref: 007109E8
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2f6a30d5e1a16094165e6747671e63d9c87e6d1d7cea94de967f89d68a1d86a6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8c963c0ffa26df7328268763f9e2fbe4cde30ef8e3e56e3c01952e26a34dbee8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f6a30d5e1a16094165e6747671e63d9c87e6d1d7cea94de967f89d68a1d86a6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A21A175600204EFD714EF68D888AAEBBF9EF44700F00812CF84A977A2DB74AC44CB90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 006CCDC6
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006CCDE9
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C3820: RtlAllocateHeap.NTDLL(00000000,?,00761444,?,006AFDF5,?,?,0069A976,00000010,00761440,006913FC,?,006913C6,?,00691129), ref: 006C3852
                                                                                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 006CCE0F
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CCE22
                                                                                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 006CCE31
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 336800556-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e3de57aee0c276ee736aa92af4fc4b83f0ab5e8d6a39c9acde6f77b060b89a01
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a68f5194638dd443626fce1ee3f83be6b1e659c1f75610e5905a0c718ebed3e6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3de57aee0c276ee736aa92af4fc4b83f0ab5e8d6a39c9acde6f77b060b89a01
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC01D8726016157F6322167A6C4CEBF696EDECBBB1315412DFD09C7201DA658D0281F4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 006A9693
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 006A96A2
                                                                                                                                                                                                                                                                                                                                                                      • BeginPath.GDI32(?), ref: 006A96B9
                                                                                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 006A96E2
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
APIs
• GetLastError.KERNEL32(?,?,?,006BF2DE,006C3863,00761444,?,006AFDF5,?,?,0069A976,00000010,00761440,006913FC,?,006913C6), ref: 006C2DFD
• _free.LIBCMT ref: 006C2E32
• _free.LIBCMT ref: 006C2E59
• SetLastError.KERNEL32(00000000,00691129), ref: 006C2E66
• SetLastError.KERNEL32(00000000,00691129), ref: 006C2E6F
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?,?,006F035E), ref: 006F002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?), ref: 006F0046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?), ref: 006F0054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?), ref: 006F0064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,006EFF41,80070057,?,?), ref: 006F0070
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 006FE997
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?), ref: 006FE9A5
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000), ref: 006FE9AD
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 006FE9B7
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32 ref: 006FE9F3
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: ed09a8ab8af3f1e75db2aa2ec218d8770f1adc6c9dd0856c4f07471ff2318a7b
• Instruction ID: dfd03b94430ed775e23972af890c3a21663b6f6631b5ecf7f76c6f8630e8923c
• Opcode Fuzzy Hash: ed09a8ab8af3f1e75db2aa2ec218d8770f1adc6c9dd0856c4f07471ff2318a7b
• Instruction Fuzzy Hash: 0C016D71C0162DDBCF10AFE4DC5A6EDBB79FF19700F004546E602B2260CB799556C7A5
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 006F1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,006F0B9B,?,?,?), ref: 006F1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 006F114D
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 087a341e85a1d01a45bfd649e8463f4661c17f197018e0a0562864c9b558cc89
• Instruction ID: 56fcb68b3f2ce3c220edf0e2028ff83a7b43e245cb4ad3a9d4c6c8fd9e6c7868
• Opcode Fuzzy Hash: 087a341e85a1d01a45bfd649e8463f4661c17f197018e0a0562864c9b558cc89
• Instruction Fuzzy Hash: 64013179500209FFDB224F69DC4AEAA3F6EEF863A0B104415FA45D7350DB35DC119E64
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 006F0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 006F0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 006F0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 006F0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 006F1002
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 150a536e79646eb09d8dc655c8fb882a199bf74a6d1face58899c469e0871587
• Instruction ID: 1c2a9debf04bf0d43e9c78d45204ae4cfbb225b716cd700a078c5f13afd12883
• Opcode Fuzzy Hash: 150a536e79646eb09d8dc655c8fb882a199bf74a6d1face58899c469e0871587
• Instruction Fuzzy Hash: 8AF04F76200305EBD7324FA49C4AF9A3B6EEF9A761F108414FA45CB251CE74DC518A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006F102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006F1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006F1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006F104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 006F1062
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 17b992401b676ceb5d878d34386fd7da98a45e63172364ffb5825676b36378b5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0800082c96d7f6cc9af69d79809c734c688abfc075ca8dad7f4b52d68b7c1796
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17b992401b676ceb5d878d34386fd7da98a45e63172364ffb5825676b36378b5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B3F06275200309FBD7325FA4EC4AF9A3B6EEF9A761F104414FA45CB250CE74DC918A60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,0070017D,?,007032FC,?,00000001,006D2592,?), ref: 00700324
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,0070017D,?,007032FC,?,00000001,006D2592,?), ref: 00700331
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,0070017D,?,007032FC,?,00000001,006D2592,?), ref: 0070033E
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,0070017D,?,007032FC,?,00000001,006D2592,?), ref: 0070034B
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,0070017D,?,007032FC,?,00000001,006D2592,?), ref: 00700358
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,0070017D,?,007032FC,?,00000001,006D2592,?), ref: 00700365
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1123cd469ae7a7b465f858a13c14bea6aa70a336bc324f3cd1259c5b26fc3772
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: afd9612d7e974b18ab8549e7eafc9ad4ddbc0a63eb9130336a34d69bb3474f9a
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1123cd469ae7a7b465f858a13c14bea6aa70a336bc324f3cd1259c5b26fc3772
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E01EE72800B01DFCB32AF66D880902FBF9BF603253158A3FD19252971C3B4A948CF80
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD752
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000), ref: 006C29DE
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006C29C8: GetLastError.KERNEL32(00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000,00000000), ref: 006C29F0
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD764
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD776
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD788
                                                                                                                                                                                                                                                                                                                                                                      • _free.LIBCMT ref: 006CD79A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1f86460991637a19f7dedaf61261f67778a0b4744d5e725d960f91ff660edaf3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: b3b3ed112335da9c9292ca492532fcaed6b4fcd554de1d8e985aae5b158ef98d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f86460991637a19f7dedaf61261f67778a0b4744d5e725d960f91ff660edaf3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8F03C32540305AB8662FB65F9C5EAA77DFFB04711795481DF448E7601C734FC808678
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 006F5C58
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 006F5C6F
                                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 006F5C87
                                                                                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 006F5CA3
                                                                                                                                                                                                                                                                                                                                                                      • EndDialog.USER32(?,00000001), ref: 006F5CBD
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 3d7211cc7e39567e8fc29b393f2a80cb18f9501303850ed713b4338ae2e2bf5f
• Instruction ID: fd157cfb22c6af21b20795bec74afcde2d221d591c9c79a33fb8cb1fc52c70c4
• Opcode Fuzzy Hash: 3d7211cc7e39567e8fc29b393f2a80cb18f9501303850ed713b4338ae2e2bf5f
• Instruction Fuzzy Hash: 64016D30500B08ABEB315B10DD4EFAA77B9BF10B06F00555DA783A15E1DBF4AD898A95
APIs
• _free.LIBCMT ref: 006C22BE
  • Part of subcall function 006C29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000), ref: 006C29DE
  • Part of subcall function 006C29C8: GetLastError.KERNEL32(00000000,?,006CD7D1,00000000,00000000,00000000,00000000,?,006CD7F8,00000000,00000007,00000000,?,006CDBF5,00000000,00000000), ref: 006C29F0
• _free.LIBCMT ref: 006C22D0
• _free.LIBCMT ref: 006C22E3
• _free.LIBCMT ref: 006C22F4
• _free.LIBCMT ref: 006C2305
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 541d292cc7feba54ba44e71b7e717e948414ede880753754c27c0771aa565621
• Instruction ID: cbb5c0952268fdd011978c6b3995c10e604cd5bcb7989945ac4fb11b0d7c7cb1
• Opcode Fuzzy Hash: 541d292cc7feba54ba44e71b7e717e948414ede880753754c27c0771aa565621
• Instruction Fuzzy Hash: B9F03A709403229F8653BF55BC21EA93B66F718B61748850EF812D22B1CBBC1911EFEC
APIs
• EndPath.GDI32(?), ref: 006A95D4
• StrokeAndFillPath.GDI32(?,?,006E71F7,00000000,?,?,?), ref: 006A95F0
• SelectObject.GDI32(?,00000000), ref: 006A9603
• DeleteObject.GDI32 ref: 006A9616
• StrokePath.GDI32(?), ref: 006A9631
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 80735fcbefb2db7e57315e6f3e83705a1fcc033993daf7a6dac6fb7c73a69335
• Instruction ID: f7e199233828c7ff0e5a32d47f4077a7ff22af70ea19493dfc499ab5f08bc785
• Opcode Fuzzy Hash: 80735fcbefb2db7e57315e6f3e83705a1fcc033993daf7a6dac6fb7c73a69335
• Instruction Fuzzy Hash: 51F03130405348DBEB365F55ED1D7A83B65AF12322F58C214F416651F0C7789952DF68
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 05986e57ae237f37b3624ec8337fc2570d1ac8394d906ed6c2d807159b03ecc3
• Instruction ID: 77ac5902045965b2653debf93d24e1ce42dfc8a4cd4af92ddcefd6e88a54bfb0
• Opcode Fuzzy Hash: 05986e57ae237f37b3624ec8337fc2570d1ac8394d906ed6c2d807159b03ecc3
• Instruction Fuzzy Hash: BDD10271A00286CADB249F68C855FFAB7B2EF07304F28415EE9059FB52D7399D81CB91
APIs
  • Part of subcall function 006B0242: EnterCriticalSection.KERNEL32(0076070C,00761884,?,?,006A198B,00762518,?,?,?,006912F9,00000000), ref: 006B024D
  • Part of subcall function 006B0242: LeaveCriticalSection.KERNEL32(0076070C,?,006A198B,00762518,?,?,?,006912F9,00000000), ref: 006B028A
  • Part of subcall function 006B00A3: __onexit.LIBCMT ref: 006B00A9
                                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 00716238
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B01F8: EnterCriticalSection.KERNEL32(0076070C,?,?,006A8747,00762514), ref: 006B0202
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006B01F8: LeaveCriticalSection.KERNEL32(0076070C,?,006A8747,00762514), ref: 006B0235
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0070359C: LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 007035E4
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 0070359C: LoadStringW.USER32(00762390,?,00000FFF,?), ref: 0070360A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeaveLoadString$Init_thread_footer__onexit
                                                                                                                                                                                                                                                                                                                                                                      • String ID: x#v$x#v$x#v
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1072379062-802763304
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 9fe1b256df66adffca5ce0031068ea2d5754757a8ca35284194cf35f35bfce4e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: e505d199a235123b12370e56aa3b2b4ba16042eb2de62cb1438a521e66c52504
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fe1b256df66adffca5ce0031068ea2d5754757a8ca35284194cf35f35bfce4e
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7C17C71A00105ABCB14DF98C891EFEB7BAFF49310F10806DE9159B291DB78ED95CBA0
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                                                                                      • String ID: JOi
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 0-3250805554
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 95ecb5d98175627fc25770705052329883ca4b26b7f17e264b09414991c3f3f5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6aaa44eeef19d4add66074a3ae8cc2344aca3d14c1d4380fad7228c564002257
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95ecb5d98175627fc25770705052329883ca4b26b7f17e264b09414991c3f3f5
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC5190B5900609AFCB219FA4CD45FFE7FB6EF05310F14005EF406A7292D775AA828B65
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000002,00000000,?,?,?,00000000,?,?,?,?), ref: 006C8B6E
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00001000,?), ref: 006C8B7A
                                                                                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 006C8B81
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ByteCharErrorLastMultiWide__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                      • String ID: .k
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2434981716-1942414878
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4397f459c0212126218e7ae7a233e88c1a3366ad99fe17cc34a0697ab6a66cc6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 91ad4f5586a1e01b124324a6b07017e6bbc8d3b3c0b10f5349cc67b0e46176c2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4397f459c0212126218e7ae7a233e88c1a3366ad99fe17cc34a0697ab6a66cc6
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B54147B0604145AFDB359F64C881FFD7BA7EB85304F2881AEE88587252DA758C128794
                                                                                                                                                                                                                                                                                                                                                                      APIs
  • Part of subcall function 006FB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006F21D0,?,?,00000034,00000800,?,00000034), ref: 006FB42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 006F2760
  • Part of subcall function 006FB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,006F21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 006FB3F8
  • Part of subcall function 006FB32A: GetWindowThreadProcessId.USER32(?,?), ref: 006FB355
  • Part of subcall function 006FB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,006F2194,00000034,?,?,00001004,00000000,00000000), ref: 006FB365
  • Part of subcall function 006FB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,006F2194,00000034,?,?,00001004,00000000,00000000), ref: 006FB37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006F27CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 006F281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 91071619093516d5d88df13cecfd5775421c66f32658a144404c1fb76ff33348
• Instruction ID: 9de2af799325a3a56434d1aead6ed39f3481e9204b23a0232a50fe7e97fc8b05
• Opcode Fuzzy Hash: 91071619093516d5d88df13cecfd5775421c66f32658a144404c1fb76ff33348
• Instruction Fuzzy Hash: D9413B7290021DAFDB10DBA4CD52AEEBBB9AF09300F109099FA55B7181DB706E45CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\P0HV8mjHS1.exe,00000104), ref: 006C1769
• _free.LIBCMT ref: 006C1834
• _free.LIBCMT ref: 006C183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\P0HV8mjHS1.exe
• API String ID: 2506810119-739230321
• Opcode ID: c855d266a86205da35e26b5ac1d36490b83c3f0ad5fe914e513c796729b14da9
• Instruction ID: 47499ac3ee44e75d7f929dffcb2a8db2ce86ed2d74d7436cf8438ce38e32d820
• Opcode Fuzzy Hash: c855d266a86205da35e26b5ac1d36490b83c3f0ad5fe914e513c796729b14da9
• Instruction Fuzzy Hash: 8631B571A44208AFDB21DF998C85EEEBBBDEB87310B54416EE805DB212D6704A40C7A4
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 006FC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 006FC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00761990,010BCA88), ref: 006FC395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: bd6dd8b8ec9e02e5b7e837f7379991aec25f67d193e34ede97fafbd77b18b88b
• Instruction ID: a6000f21983502714d5d21ca74752b6221d54df04c1968a8c8a08d959e8f3579
• Opcode Fuzzy Hash: bd6dd8b8ec9e02e5b7e837f7379991aec25f67d193e34ede97fafbd77b18b88b
• Instruction Fuzzy Hash: FC41D2322083099FD720DF25D944F6ABBEAAF85360F10861DFAA5973D1C730E904CB66
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0072CC08,00000000,?,?,?,?), ref: 007244AA
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32 ref: 007244C7
                                                                                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007244D7
                                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
• SysReAllocString.OLEAUT32(?,?), ref: 006F6EED
• VariantCopyInd.OLEAUT32(?,?), ref: 006F6F08
• VariantClear.OLEAUT32(?), ref: 006F6F12
Strings
Similarity
• API ID: Variant$AllocClearCopyString
• String ID: *jo
• API String ID: 2173805711-2290410944
APIs
• Part of subcall function 0071335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00713077,?,?), ref: 00713378
• inet_addr.WSOCK32(?), ref: 0071307A
• _wcslen.LIBCMT ref: 0071309B
• htons.WSOCK32(00000000), ref: 00713106
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00724705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00724713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0072471A
Strings
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 53b1152d6a1ea8dcdaf560ce1c5d3148fc70c0ab8b40aa8cddc123c3696e4817
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 47ea3df28e715d6ec5695e96924197d257454332f2665b7b66c000e35a6384b3
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53b1152d6a1ea8dcdaf560ce1c5d3148fc70c0ab8b40aa8cddc123c3696e4817
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A2108B210452566D731BB289C02FF773EFAF51310F14402AFA49DB242EB559D86C3B9
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00723840
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00723850
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00723876
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 22850a48be98108962792f8207048aae28f3042fb5a5f760a928aafc14808614
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c497c695bac19e24733c6595519e0e68e8c37795512416320246d03198132d94
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22850a48be98108962792f8207048aae28f3042fb5a5f760a928aafc14808614
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7421A472610228BBEF218F54EC85FBB376EEF89760F118114F9059B190C679DC52C7A0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00704A08
                                                                                                                                                                                                                                                                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00704A5C
                                                                                                                                                                                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,0072CC08), ref: 00704AD0
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                      • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: fdec8e7b057c62672dc7eb376bb1d2ee3455bc9287f96e7e1035a85f16bfe081
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d87b1bcd814d42efbb42fb39452903a72543d3e9ec96a9933199858cef39d007
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdec8e7b057c62672dc7eb376bb1d2ee3455bc9287f96e7e1035a85f16bfe081
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 983150B1A00109EFDB50DF54C885EAE77F9EF04304F148099E905DB252D775ED45CB65
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0072424F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00724264
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00724271
                                                                                                                                                                                                                                                                                                                                                                      Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: fbdcfeb25cd1f18ebb813b2a988f5e16bd643745287002af127dfbcf9acb7b5a
• Instruction ID: 7039e62c042fcfb28eb626b291a7844e3a819da3d800fce9e3725dd7e632a5c6
• Opcode Fuzzy Hash: fbdcfeb25cd1f18ebb813b2a988f5e16bd643745287002af127dfbcf9acb7b5a
• Instruction Fuzzy Hash: AE11E331240218BEEF215E29DC06FAB3BACEF95B64F010114FA55E2090D2B5D8219B24
APIs
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
  • Part of subcall function 006F2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006F2DC5
  • Part of subcall function 006F2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 006F2DD6
  • Part of subcall function 006F2DA7: GetCurrentThreadId.KERNEL32 ref: 006F2DDD
  • Part of subcall function 006F2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006F2DE4
• GetFocus.USER32 ref: 006F2F78
  • Part of subcall function 006F2DEE: GetParent.USER32(00000000), ref: 006F2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 006F2FC3
• EnumChildWindows.USER32(?,006F303B), ref: 006F2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: b98dd284dc7cf148151606ba44033c07c60da8abbbe872771931e9ae6dfe3c40
• Instruction ID: 0392fe557b7cef4b9754f42ef8466f1446fecbbb9e465ec3fccedf5b090afafc
• Opcode Fuzzy Hash: b98dd284dc7cf148151606ba44033c07c60da8abbbe872771931e9ae6dfe3c40
• Instruction Fuzzy Hash: 5011A271600219ABCF557F60CC96EFD376BAF94304F048079FA099B252DE74994A8F74
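The record above is the kind of block an analyst wants to query across a whole report rather than read one at a time: the subcall entries show GetWindowThreadProcessId followed by GetCurrentThreadId and AttachThreadInput, which is the documented Win32 way to join another window's input queue so that the GetFocus call that follows returns that window's focused control. The parser below is an added example, not part of this report or of Joe Sandbox; it reads the "APIs" / "Memory Dump Source" / "Similarity" blocks in the format shown on this page, using the "Instruction Fuzzy Hash" line as the record terminator (it is the last field of every record here), and flags records whose call list contains that three-call chain in order. Treating the chain as a triage signal is the example's own assumption, not a verdict the report states. The embedded excerpt is constructed from the records on this page and is not a verbatim copy.

```python
"""Parse Joe Sandbox function-analysis records and flag a chosen API chain.
Added example; not part of the report or of Joe Sandbox."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Section headers exactly as they appear in the report blocks.
HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# One API entry, with or without the "Part of subcall function" prefix and the argument list.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# Chain this example flags (order of the subcall entries in the record above).
# Treating it as a triage signal is an assumption of this example, not a report verdict.
ATTACH_INPUT_CHAIN = ("GetWindowThreadProcessId", "GetCurrentThreadId", "AttachThreadInput")

# Constructed excerpt modelled on the records on this page (not a verbatim copy).
SAMPLE = """\
APIs
  • Part of subcall function 006F2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006F2DC5
  • Part of subcall function 006F2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 006F2DD6
  • Part of subcall function 006F2DA7: GetCurrentThreadId.KERNEL32 ref: 006F2DDD
  • Part of subcall function 006F2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006F2DE4
• GetFocus.USER32 ref: 006F2F78
• GetClassNameW.USER32(?,?,00000100), ref: 006F2FC3
• EnumChildWindows.USER32(?,006F303B), ref: 006F2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• Instruction Fuzzy Hash: 5011A271600219ABCF557F60CC96EFD376BAF94304F048079FA099B252DE74994A8F74
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007258C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007258EE
• DrawMenuBar.USER32(?), ref: 007258FD
Similarity
• API ID: Menu$InfoItem$Draw
• Instruction Fuzzy Hash: 64018C31500228EFDB61AF51EC44BAEBBB5FF45360F1080A9E889D6151DB389A94EF35
"""

@dataclass
class ApiCall:
    api: str
    module: str
    args: str
    ref: int                 # call-site address parsed from "ref:"
    subcall: Optional[str]   # callee address when the entry is "Part of subcall function"

@dataclass
class Record:
    apis: list = field(default_factory=list)
    similarity: dict = field(default_factory=dict)
    source: Optional[str] = None

def parse_records(text: str) -> list:
    """Split report text into records; an 'Instruction Fuzzy Hash' line closes each one."""
    records, cur, section = [], Record(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            section = line
            continue
        if not line.startswith("•"):
            continue                                   # page residue, ignored
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                cur.apis.append(ApiCall(m["api"], m["mod"], m["args"] or "",
                                        int(m["ref"], 16), m["sub"]))
        elif section == "Memory Dump Source":
            key, _, val = line[1:].partition(":")
            if key.strip() == "Source File":
                cur.source = val.strip()
        elif section == "Similarity":
            key, _, val = line[1:].partition(":")
            key, val = key.strip(), val.strip()
            cur.similarity[key] = val
            if key == "Instruction Fuzzy Hash":        # last field of every record
                records.append(cur)
                cur = Record()
    if cur.apis or cur.similarity:                     # record cut off before its hash line
        records.append(cur)
    return records

def calls_in_order(record: Record, chain) -> bool:
    """True if every API in `chain` occurs in the record's call list, in that order."""
    names = [c.api for c in record.apis]
    pos = 0
    for name in chain:
        try:
            pos = names.index(name, pos) + 1
        except ValueError:
            return False
    return True

def flag_records(records, chain=ATTACH_INPUT_CHAIN):
    """(index, API ID) for every record whose call list contains `chain` in order."""
    return [(i, r.similarity.get("API ID", "")) for i, r in enumerate(records)
            if calls_in_order(r, chain)]
```

Run it over the saved report text instead of SAMPLE to get every function record with its call sites and fuzzy hashes; the "API ID" token string is kept as the label because it is the most compact identifier Joe Sandbox gives each record. Matching on call order rather than on a set of names is deliberate: GetCurrentThreadId on its own is noise, while the ordered chain ending in AttachThreadInput is the pattern worth a second look.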
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007258C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 007258EE
• DrawMenuBar.USER32(?), ref: 007258FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 6dd8168e44bfb89ce7347ee206e2510e460c149f1ad6c420333c7f9a64213d7c
• Instruction ID: f99a2d54d9367a7176b41195c65ba0d56e68403d0992f39d7d0ba39fec93679f
• Opcode Fuzzy Hash: 6dd8168e44bfb89ce7347ee206e2510e460c149f1ad6c420333c7f9a64213d7c
• Instruction Fuzzy Hash: 64018C31500228EFDB61AF51EC44BAEBBB5FF45360F1080A9E889D6151DB389A94EF35
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 890a4acae8dc63b4aad1930474465cb6c8d130fee8eec39d1e047fd318ecd2e0
• Instruction ID: afaf98779643112802dc4419f3a775742408b5f436a8342b9311dcd8578c9383
• Opcode Fuzzy Hash: 890a4acae8dc63b4aad1930474465cb6c8d130fee8eec39d1e047fd318ecd2e0
• Instruction Fuzzy Hash: 7FC12D75A0021AEFDB14CF94C894ABEB7B6FF48714F248598E505EB252D731EE41CB90
APIs
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 829dba8b34909bf87ec2891e1cc3b5d1c3819c7bd7421d0205ec8d143a66ff78
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: baf320e1cb1a05c48653cfc806091bde7817cb21739ddc0e7f275c320410e95f
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 829dba8b34909bf87ec2891e1cc3b5d1c3819c7bd7421d0205ec8d143a66ff78
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5A15D75204200DFCB50DF28C485A6AB7EAFF88720F05885DF98A9B3A1DB34ED45CB55
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0072FC08,?), ref: 006F05F0
                                                                                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0072FC08,?), ref: 006F0608
                                                                                                                                                                                                                                                                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,0072CC40,000000FF,?,00000000,00000800,00000000,?,0072FC08,?), ref: 006F062D
                                                                                                                                                                                                                                                                                                                                                                      • _memcmp.LIBVCRUNTIME ref: 006F064E
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bb21b7a12dac96d71356eead7baec599aeffef491555abeed23b414be7d56fef
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 241087a469fae96b5e5d17c7e914ff5bfccb728b490f99b19c725fc24de76cc5
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bb21b7a12dac96d71356eead7baec599aeffef491555abeed23b414be7d56fef
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D811A75A00109EFDB04DF94C984EEEB7BAFF89315F204558E606EB251DB71AE06CB60
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 0071A6AC
                                                                                                                                                                                                                                                                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 0071A6BA
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 0071A79C
                                                                                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0071A7AB
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006ACE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,006D3303,?), ref: 006ACE8A
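The two API lists above are the kind of thing a triager wants to pick out of a report of this size without reading every entry: the function at 006F05F0 round-trips a ProgID through ProgIDFromCLSID and CLSIDFromProgID and compares the result, and the function at 0071A6AC walks the process list with a Toolhelp32 snapshot and compares process names (CompareStringW in a subcall). The script below is an added example, not Joe Sandbox code: it parses report lines in exactly this format and flags an entry when an ordered API chain appears in it. The sample text is copied from the two entries above; the chain definitions are the author's own heuristics, and a match only says the APIs occur in that order, not what the function does with them.

```python
"""Parse per-function API lists from a Joe Sandbox function report and flag
well-known API call chains.  Added example, not Joe Sandbox code."""
import re
from typing import Dict, List, Tuple

# Constructed sample: the "APIs" sections of the two report entries above.
SAMPLE_REPORT = """\
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0072FC08,?), ref: 006F05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0072FC08,?), ref: 006F0608
• CLSIDFromProgID.OLE32(?,?,00000000,0072CC40,000000FF,?,00000000,00000800,00000000,?,0072FC08,?), ref: 006F062D
• _memcmp.LIBVCRUNTIME ref: 006F064E
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0071A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 0071A6BA
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
• Process32NextW.KERNEL32(00000000,?), ref: 0071A79C
• CloseHandle.KERNEL32(00000000), ref: 0071A7AB
  • Part of subcall function 006ACE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,006D3303,?), ref: 006ACE8A
"""

# One report line: optional subcall prefix, "Api.MODULE", optional "(args)", "ref: ADDR".
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# Heuristic chains (author's own, not from the report): ordered API names that
# must appear as a subsequence of one function's direct calls.
CHAINS: Dict[str, Tuple[str, ...]] = {
    "process enumeration (Toolhelp32)": (
        "CreateToolhelp32Snapshot", "Process32First", "Process32Next", "CloseHandle"),
    "COM ProgID/CLSID round-trip": ("ProgIDFromCLSID", "CLSIDFromProgID"),
}


def normalize(api: str) -> str:
    """Drop a trailing A/W so Process32FirstW and Process32FirstA compare equal."""
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        return api[:-1]
    return api


def parse_functions(text: str) -> List[List[dict]]:
    """Split on 'APIs' headers and parse each function's call lines in order."""
    functions: List[List[dict]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            functions.append([])
            continue
        m = CALL_RE.search(line)
        if m and functions:
            args = m.group("args")
            functions[-1].append({
                "api": m.group("api"), "module": m.group("mod"),
                "args": args.split(",") if args else [],
                "ref": m.group("ref"), "subcall": m.group("sub"),  # None for direct calls
            })
    return functions


def is_subsequence(needle, haystack) -> bool:
    """True if every element of needle occurs in haystack in that relative order."""
    it = iter(haystack)
    return all(any(x == y for y in it) for x in needle)


def find_chains(calls: List[dict], include_subcalls: bool = False) -> List[str]:
    """Names of the chains whose APIs appear, in order, among this function's calls."""
    names = [normalize(c["api"]) for c in calls
             if include_subcalls or c["subcall"] is None]
    return [name for name, chain in CHAINS.items() if is_subsequence(chain, names)]


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """(address of first call, matched chain names) for every function in the report."""
    return [(calls[0]["ref"] if calls else "", find_chains(calls))
            for calls in parse_functions(text)]


if __name__ == "__main__":
    for ref, chains in triage(SAMPLE_REPORT):
        print(ref, chains or "-")
```

Run against a full report export, the same parser gives one line per function with the chains it hit; extending CHAINS with other sequences of interest (for example the clipboard or keystroke APIs named in the signature list at the top of the report) is a one-line change. Subcall entries are excluded from matching by default so a chain is attributed to the function that actually issues the calls.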
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: e36863210c621c0460d91dfb57004cbbcd48616fdc104d8e222ec32936aa248e
• Instruction ID: 1398c5536425ddf4f86cba7e50ddbed9a13aa3a278421bee9ddb40e7d34e329d
• Opcode Fuzzy Hash: e36863210c621c0460d91dfb57004cbbcd48616fdc104d8e222ec32936aa248e
• Instruction Fuzzy Hash: 02515F71508300AFD750EF28C886A6FBBE9FF89754F40891DF58597291EB34D904CB96
APIs
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: bae76f44c16471433604e067fe65caf677541e08675221e6aa3cf82375c35f33
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0f9185a9b3c3d72b2f170dacc311079da4a2be96c9cef4d8ee7108000fe83429
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bae76f44c16471433604e067fe65caf677541e08675221e6aa3cf82375c35f33
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82411471E005007ADB616FF99C46AFE3AE7EF42320F14422EF418CA392E6B489814365
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 007262E2
                                                                                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00726315
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00726382
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2257b8e489f74e8a5b01ea84f5c67933c9ebd48a30efc83b615573abafe59faa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 01fbc2795b1a4a02a72b5efc282259588b57daf2d96c1224257e9541b88eaf73
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2257b8e489f74e8a5b01ea84f5c67933c9ebd48a30efc83b615573abafe59faa
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B516D74A00259EFCF21DF68E884AAE7BB6FF45360F10815AF9159B291D734ED41CB90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • socket.WSOCK32(00000002,00000002,00000011), ref: 00711AFD
                                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00711B0B
                                                                                                                                                                                                                                                                                                                                                                      • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00711B8A
                                                                                                                                                                                                                                                                                                                                                                      • WSAGetLastError.WSOCK32 ref: 00711B94
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 61800342d46d7d6fb3988b200bb0e9384ddc0a8221d0cfa7a9167c1095580ee0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6a10ac44e6ab809e49d48d26fbd95c1e883dded29c99369cf4bcda4cc2e4d785
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61800342d46d7d6fb3988b200bb0e9384ddc0a8221d0cfa7a9167c1095580ee0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B41B274600200AFEB60AF24C886F6977E6AF44718F54C44CF6199F7D2D676ED818B94
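The function at 00711AFD above calls an import-by-ordinal, #21.WSOCK32, which the report leaves unresolved, and prints the socket arguments as raw hex. The following Python is an added triage helper, not part of the Joe Sandbox report and not code from the sample: it parses the report's four API annotation lines (copied inline as constructed input), resolves wsock32 ordinal 21 to setsockopt via the Winsock 1.1 ordinal table (ws2_32.dll keeps the same numbers), and decodes the constants from winsock2.h, which turns the sequence into socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP) followed by setsockopt(s, SOL_SOCKET, SO_BROADCAST, ...). The ordinal and constant tables are standard Windows values; the triage notes at the end are this editor's reading of that call sequence, not a finding stated by the report.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: the four API annotation lines copied from the
# Joe Sandbox "APIs" block for the function containing 00711AFD.
API_LINES = """\
• socket.WSOCK32(00000002,00000002,00000011), ref: 00711AFD
• WSAGetLastError.WSOCK32 ref: 00711B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00711B8A
• WSAGetLastError.WSOCK32 ref: 00711B94
"""

# wsock32.dll exports the Winsock 1.1 functions by ordinal; ws2_32.dll
# reuses the same numbers. Only the subset useful for triage is listed.
WSOCK32_ORDINALS: Dict[int, str] = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 7: "getsockopt",
    10: "ioctlsocket", 13: "listen", 16: "recv", 17: "recvfrom", 18: "select",
    19: "send", 20: "sendto", 21: "setsockopt", 22: "shutdown", 23: "socket",
}

# Constants from winsock2.h.
AF = {2: "AF_INET", 23: "AF_INET6"}
SOCK_TYPE = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
IPPROTO = {6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
SOL_LEVELS = {0xFFFF: "SOL_SOCKET", 6: "IPPROTO_TCP"}
SOL_SOCKET_OPTS = {
    0x0004: "SO_REUSEADDR", 0x0020: "SO_BROADCAST", 0x0080: "SO_LINGER",
    0x1001: "SO_SNDBUF", 0x1002: "SO_RCVBUF", 0x1005: "SO_SNDTIMEO",
    0x1006: "SO_RCVTIMEO",
}

# "• name.MODULE(args), ref: ADDR" or "• name.MODULE ref: ADDR"
LINE_RE = re.compile(
    r"^(?:•\s*)?(?P<name>#?\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    name: str                   # import name, or "#N" for import-by-ordinal
    module: str
    args: List[Optional[int]]   # None where the report printed "?"
    ref: int                    # address of the call instruction


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse Joe Sandbox API annotation lines into structured calls."""
    calls = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised API line: {line!r}")
        raw = m.group("args")
        args = [] if raw is None else [
            None if a.strip() == "?" else int(a, 16)
            for a in raw.split(",") if a.strip()
        ]
        calls.append(ApiCall(m.group("name"), m.group("module").upper(),
                             args, int(m.group("ref"), 16)))
    return calls


def resolve_name(call: ApiCall) -> str:
    """Map a WSOCK32 import-by-ordinal (#N) to its function name."""
    if call.name.startswith("#") and call.module == "WSOCK32":
        return WSOCK32_ORDINALS.get(int(call.name[1:]), call.name)
    return call.name


def _sym(table: Dict[int, str], value: Optional[int]) -> str:
    if value is None:
        return "?"
    return table.get(value, f"0x{value:X}")


def describe(call: ApiCall) -> str:
    """Render one call with symbolic constants where the arity matches."""
    name, a = resolve_name(call), call.args
    if name == "socket" and len(a) == 3:
        return (f"socket({_sym(AF, a[0])}, {_sym(SOCK_TYPE, a[1])}, "
                f"{_sym(IPPROTO, a[2])})")
    if name == "setsockopt" and len(a) == 5:
        opts = SOL_SOCKET_OPTS if a[1] == 0xFFFF else {}
        return (f"setsockopt(s={_sym({}, a[0])}, {_sym(SOL_LEVELS, a[1])}, "
                f"{_sym(opts, a[2])}, optval={_sym({}, a[3])}, "
                f"optlen={_sym({}, a[4])})")
    return f"{name}({', '.join(_sym({}, v) for v in a)})"


def triage(calls: List[ApiCall]) -> List[str]:
    """Analyst notes derived from the decoded sequence (editor's reading)."""
    notes = []
    for c in calls:
        n = resolve_name(c)
        if n == "socket" and len(c.args) == 3 and c.args[1:] == [2, 17]:
            notes.append("creates a UDP socket")
        if (n == "setsockopt" and len(c.args) == 5
                and c.args[1] == 0xFFFF and c.args[2] == 0x20):
            notes.append("enables SO_BROADCAST (can send to the LAN broadcast address)")
    if any(resolve_name(c) == "WSAGetLastError" for c in calls):
        notes.append("checks WSAGetLastError after each Winsock call")
    return notes


if __name__ == "__main__":
    parsed = parse_api_lines(API_LINES)
    for c in parsed:
        print(f"{c.ref:08X}  {describe(c)}")
    print("; ".join(triage(parsed)))
```

Caveat when reading the output: a "?" argument is a value the static pass could not recover, and the optval shown for setsockopt is whatever was on the stack at that slot as the report recorded it, not the dereferenced option value. Confirm the actual flag value from a dynamic API trace before treating the broadcast capability as established.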
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 67936259473b232d48eaeedf98614c08b9b8d31f50dfc578758cc797a6023813
• Instruction ID: 406faf54c22f3face149288a83c5c650f1f2bd11652aee00eec52ebef36846cb
• Opcode Fuzzy Hash: 67936259473b232d48eaeedf98614c08b9b8d31f50dfc578758cc797a6023813
• Instruction Fuzzy Hash: 2241D375A44304BFD7289F78CC42FAABBEAEB88710F10852EF541DB392D771A9418794
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00705783
• GetLastError.KERNEL32(?,00000000), ref: 007057A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007057CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007057FA
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 262f5c8e80a19ed64d76a4d216c704a379b858aa49051124f1fa14e4ba0b78ce
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 47de1654d2ae1b36b81e46738a3814f2269b533b75b57e371b96ad06e0166c0b
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 262f5c8e80a19ed64d76a4d216c704a379b858aa49051124f1fa14e4ba0b78ce
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF410939604610DFCF51EF15C544A5EBBE6AF89320B19C488E84AAB7A2CB34FD41CF95
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,?,006B6D71,00000000,00000000,006B82D9,?,006B82D9,?,00000001,006B6D71,?,00000001,006B82D9,006B82D9), ref: 006CD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006CD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 006CD9AB
• __freea.LIBCMT ref: 006CD9B4
  • Part of subcall function 006C3820: RtlAllocateHeap.NTDLL(00000000,?,00761444,?,006AFDF5,?,?,0069A976,00000010,00761440,006913FC,?,006913C6,?,00691129), ref: 006C3852
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 5bd92f28217ae47143f2975ac0eaad4474495b1cf463d76c9dfa6063856855cf
• Instruction ID: 5e788bb6dc144f1ba8c33c3ac3820a5c5a36460d5c4d46627a4288d367175e27
• Opcode Fuzzy Hash: 5bd92f28217ae47143f2975ac0eaad4474495b1cf463d76c9dfa6063856855cf
• Instruction Fuzzy Hash: 0F319AB2A0020AABDB259F64DC85EFE7BA6EB41310B05426CFC0496291EB35CD51CBA0
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00725352
• GetWindowLongW.USER32(?,000000F0), ref: 00725375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00725382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007253A8
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: e0ae38e490f3761055385b70dbc5a4901acff2d31502ef64e6e15b48a98a8ca6
• Instruction ID: c034a7c6bf277e593289e81881cbfa21adcbfb13cba86cbed5a59051b6a5ff18
• Opcode Fuzzy Hash: e0ae38e490f3761055385b70dbc5a4901acff2d31502ef64e6e15b48a98a8ca6
• Instruction Fuzzy Hash: B431F630A55A28EFEF30DF14EC09FE837A5AB04394F586001FA11962E2C7BC9D40DB41
APIs
• GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 006FABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 006FAC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 006FAC74
• SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 006FACC6
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: b507dc5b3c2751b18813bfc343b8a3da32017f872a0c8d8fcac654873a81ab11
• Instruction ID: 705f8caadadecd83788e0a95746088dd5d9dbec59c4b991b5c3180c7cd6456c5
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b507dc5b3c2751b18813bfc343b8a3da32017f872a0c8d8fcac654873a81ab11
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B3108B0A0471C6FFF35CBA58C157FE7BA7AB49310F04421AE689523D1C37989858756
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 0072769A
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00727710
                                                                                                                                                                                                                                                                                                                                                                      • PtInRect.USER32(?,?,00728B89), ref: 00727720
                                                                                                                                                                                                                                                                                                                                                                      • MessageBeep.USER32(00000000), ref: 0072778C
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 2fd8e17b0430fe3003d892e6ed2ade779a3f92755323d52ac43cfe1751af415a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 01a968c0b4d4ff56f6df5dcfff2194864410d3e9b910f2155f7786ea7d939653
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fd8e17b0430fe3003d892e6ed2ade779a3f92755323d52ac43cfe1751af415a
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC41AE34605265DFCB16CF58EA98EA977F4FF48314F5980A8E8159B361C378E942CF90
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 007216EB
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 006F3A57
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3A3D: GetCurrentThreadId.KERNEL32 ref: 006F3A5E
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,006F25B3), ref: 006F3A65
                                                                                                                                                                                                                                                                                                                                                                      • GetCaretPos.USER32(?), ref: 007216FF
                                                                                                                                                                                                                                                                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 0072174C
                                                                                                                                                                                                                                                                                                                                                                      • GetForegroundWindow.USER32 ref: 00721752
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2759813231-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8913215128e8d541ccd368d51e3492b3e70f853a093fa0c7f6fb4d6a63611a26
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 14f4bb3002cdb54189c80325ce49f7585101e59be1077d19bc2bc18d0c4c8950
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8913215128e8d541ccd368d51e3492b3e70f853a093fa0c7f6fb4d6a63611a26
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32313271D00159AFCB10DFA6C881CAEB7FDEF98314B508069E415E7711E7359E45CBA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006A9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 006A9BB2
                                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 00729001
                                                                                                                                                                                                                                                                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,006E7711,?,?,?,?,?), ref: 00729016
                                                                                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(?), ref: 0072905E
                                                                                                                                                                                                                                                                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,006E7711,?,?,?), ref: 00729094
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: 29d37333c5dd8376923b647a59378d8eca04fa70ab7b532e56674d1607598c1c
• Instruction ID: 7350e5f6243cb4da3c7ec5fca646c96b1e5dd13f1cc583ba247c1c3e613d4273
• Opcode Fuzzy Hash: 29d37333c5dd8376923b647a59378d8eca04fa70ab7b532e56674d1607598c1c
• Instruction Fuzzy Hash: 4E21BF31600128EFCB268F94D858EFA7BB9FF89350F184169FA0587261C339AD50DF60
APIs
• GetFileAttributesW.KERNEL32(?,0072CB68), ref: 006FD2FB
• GetLastError.KERNEL32 ref: 006FD30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 006FD319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0072CB68), ref: 006FD376
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: aa9255ba4f9479c69b8effcde321be25c9ccb7753d34fc9e84fd6f7901d0cbc1
• Instruction ID: 8390a63373ec308462528efd7e1602965f377e4f02821d468b90d5415968f121
• Opcode Fuzzy Hash: aa9255ba4f9479c69b8effcde321be25c9ccb7753d34fc9e84fd6f7901d0cbc1
• Instruction Fuzzy Hash: 0F21A1725082059F8710DF28C8818BE77EAEE5A324F104A1DF699C72A1DB31E946CB97
APIs
  • Part of subcall function 006F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 006F102A
  • Part of subcall function 006F1014: GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 006F1036
  • Part of subcall function 006F1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 006F1045
  • Part of subcall function 006F1014: HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 006F104C
  • Part of subcall function 006F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 006F1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006F15BE
• _memcmp.LIBVCRUNTIME ref: 006F15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 006F1617
• HeapFree.KERNEL32(00000000), ref: 006F161E
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 56ffd10dce86f1c2efdd8b9444010be958e335932ef703fcda8c7253cdf67bcb
• Instruction ID: 85b02d089d79086571f0091fdad8ae055d565da9b50d4f6b587b992ee83ffcff
• Opcode Fuzzy Hash: 56ffd10dce86f1c2efdd8b9444010be958e335932ef703fcda8c7253cdf67bcb
• Instruction Fuzzy Hash: 4D218971E00108EFDF10DFA4C945BFEB7BAEF56384F088459E541AB241E735AA45CBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0072280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00722824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00722832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00722840
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: f7bdb96c3475c01c2db78113c3799c9ef1f37170c9d574161ca2a423a6f262ab
• Instruction ID: 5574ee4554ac80964bcc310165c66676f3ca46c26a1342727d5d7828af74f42d
• Opcode Fuzzy Hash: f7bdb96c3475c01c2db78113c3799c9ef1f37170c9d574161ca2a423a6f262ab
• Instruction Fuzzy Hash: 9921B231208121BFD7159B24D844F6A77A9EF45324F248158F5168B6A3CB79EC43C790
APIs
  • Part of subcall function 006F8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,006F790A,?,000000FF,?,006F8754,00000000,?,0000001C,?,?), ref: 006F8D8C
  • Part of subcall function 006F8D7D: lstrcpyW.KERNEL32(00000000,?,?,006F790A,?,000000FF,?,006F8754,00000000,?,0000001C,?,?,00000000), ref: 006F8DB2
  • Part of subcall function 006F8D7D: lstrcmpiW.KERNEL32(00000000,?,006F790A,?,000000FF,?,006F8754,00000000,?,0000001C,?,?), ref: 006F8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,006F8754,00000000,?,0000001C,?,?,00000000), ref: 006F7923
• lstrcpyW.KERNEL32(00000000,?,?,006F8754,00000000,?,0000001C,?,?,00000000), ref: 006F7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,006F8754,00000000,?,0000001C,?,?,00000000), ref: 006F7984
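The two function records above are the kind of evidence behind the report's behavioural signatures: the subcall at 006F1014 queries the token with TOKEN_INFORMATION_CLASS value 3, which winnt.h defines as TokenPrivileges (the IDA plugin prints the label TokenIntegrityLevel for that value; TokenIntegrityLevel is 25), and the caller then walks the result with LookupPrivilegeValueW and _memcmp, i.e. it checks whether the current token holds a named privilege. The function at 0072280A sets WS_EX_LAYERED and calls SetLayeredWindowAttributes with flag 2 (LWA_ALPHA), i.e. it makes a window transparent. As an added triage example, not Joe Sandbox code, the Python below parses these "APIs" records, cross-checks the plugin's enum label against winnt.h, and tags the API sequence. The record text is a constructed excerpt copied from this page (keeping the plugin's original label so the check has something to flag); the tag rules are illustrative assumptions, not the report's own signature logic.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox disassembly report,
check the tool's enum annotations against winnt.h, and derive behaviour tags
from each function's API sequence.

Added triage example, not Joe Sandbox code.  The record text is a constructed
excerpt copied from this report; the tag rules are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: two function records from this report, in the report's layout.
SAMPLE_REPORT = """\
APIs
  • Part of subcall function 006F1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 006F102A
  • Part of subcall function 006F1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 006F1036
  • Part of subcall function 006F1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 006F104C
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 006F15BE
• _memcmp.LIBVCRUNTIME ref: 006F15E1
• HeapFree.KERNEL32(00000000), ref: 006F161E
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0072280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00722824
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00722840
"""

# TOKEN_INFORMATION_CLASS values from winnt.h (only the ones needed here).
TOKEN_INFORMATION_CLASS = {1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges",
                           20: "TokenElevation", 25: "TokenIntegrityLevel"}
LWA_ALPHA = 0x2  # SetLayeredWindowAttributes dwFlags: use the bAlpha value

LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$",
    re.IGNORECASE)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int
    subcall: Optional[int]  # callee address when the call sits inside a subcall


def parse_records(text):
    """Split the text at each 'APIs' header and parse the bullet lines under it."""
    records = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            records.append([])
            continue
        m = LINE_RE.match(line)
        if m and records:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            records[-1].append(ApiCall(m["api"], m["mod"], args, int(m["ref"], 16),
                                       int(m["sub"], 16) if m["sub"] else None))
    return records


def decode_enum(arg):
    """'00000003(TokenIntegrityLevel)' -> (3, 'TokenIntegrityLevel'); '?' -> None."""
    m = re.fullmatch(r"([0-9A-Fa-f]{1,8})(?:\((\w+)\))?", arg)
    return (int(m.group(1), 16), m.group(2)) if m else None


def check_token_annotations(calls):
    """Return (ref, tool_label, winnt_label) wherever the tool's label disagrees with winnt.h."""
    out = []
    for c in calls:
        if c.api == "GetTokenInformation" and len(c.args) >= 2:
            d = decode_enum(c.args[1])
            if d and d[1] and TOKEN_INFORMATION_CLASS.get(d[0]) not in (None, d[1]):
                out.append((c.ref, d[1], TOKEN_INFORMATION_CLASS[d[0]]))
    return out


def tag_behaviour(calls):
    """Illustrative rules over one function's API sequence."""
    names = [c.api for c in calls]
    tags = set()
    queries_privs = any(c.api == "GetTokenInformation" and len(c.args) >= 2
                        and (decode_enum(c.args[1]) or (None,))[0] == 3 for c in calls)
    # TokenPrivileges buffer + LookupPrivilegeValue + memcmp over the LUIDs:
    # "does the current token hold privilege X", not an integrity-level check.
    if queries_privs and "LookupPrivilegeValueW" in names and "_memcmp" in names:
        tags.add("token-privilege-check")
    for c in calls:
        if c.api == "SetLayeredWindowAttributes" and len(c.args) == 4 \
                and decode_enum(c.args[3]) == (LWA_ALPHA, None):
            tags.add("window-alpha-transparency")  # WS_EX_LAYERED window with an alpha level
    return sorted(tags)


def triage(text):
    """Per record: (lowest ref address as the function id, tags, annotation findings)."""
    result = []
    for calls in parse_records(text):
        if not calls:
            continue
        first = min(c.ref for c in calls)
        result.append((f"{first:08X}", tag_behaviour(calls), check_token_annotations(calls)))
    return result


if __name__ == "__main__":
    for addr, tags, findings in triage(SAMPLE_REPORT):
        print(addr, tags, findings)
```

The same parser can be pointed at the whole report to list every function with a given tag; the annotation check is worth keeping because a mislabelled enum turns a privilege-enumeration routine into an apparent integrity-level probe and changes what you conclude about the sample.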
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 8f2fa494207bc6b38a67f9bf92f7d466a3ef4d9a3521d959ef0836bcae28a554
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: d5bf812d9ff87aa2895f07e5b7c375f2213544b29fd3faca6cded9cd8a0cf323
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f2fa494207bc6b38a67f9bf92f7d466a3ef4d9a3521d959ef0836bcae28a554
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6611063A200205AFDB259F34CC45DBA77A6FF55350B40802AFA06C73A4EB719811C7A5
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001060,?,00000004), ref: 007256BB
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007256CD
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007256D8
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 00725816
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e0a6128060e479eec45c821acda0f4de995db69472029582714aad50d3105755
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0f6dda8af88ab76af5be066df0b1c1f91765c8a34178fda164925a539c5af402
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e0a6128060e479eec45c821acda0f4de995db69472029582714aad50d3105755
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1711E67160062996DF20EF65EC85EEE77ACEF10760F50806AF915D6081EB78DA80CF64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 006F1A47
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 006F1A59
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 006F1A6F
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 006F1A8A
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c4068da0cd0cdb064fba2eef8090ee7426aa2fe63e73f60c41021b92be6d4ff0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 53628e1623ee32bda8133acd5bbba4d38f0e37a7b1743eef0cd7aa9581c52278
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4068da0cd0cdb064fba2eef8090ee7426aa2fe63e73f60c41021b92be6d4ff0
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F911393AD01219FFEB11DBA5CD85FADBB79EB08750F200092EA00BB294D6716E51DB94
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 006FE1FD
                                                                                                                                                                                                                                                                                                                                                                      • MessageBoxW.USER32(?,?,?,?), ref: 006FE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 006FE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 006FE24D
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 0770d2a44e74cfdf585ff1c12849c78c5c5208ce3c4bb435af326e347cff5103
• Instruction ID: 787facdab64d71da78efb3692f0a457e72cdd7f1702097b54f0efe9b5c4a3c1f
• Opcode Fuzzy Hash: 0770d2a44e74cfdf585ff1c12849c78c5c5208ce3c4bb435af326e347cff5103
• Instruction Fuzzy Hash: 45112B72D0435CBBD7119FA99C09AEE7FADEB45320F148619FA16D3391E2B5CE0087A4
APIs
• CreateThread.KERNEL32(00000000,?,006BCFF9,00000000,00000004,00000000), ref: 006BD218
• GetLastError.KERNEL32 ref: 006BD224
• __dosmaperr.LIBCMT ref: 006BD22B
• ResumeThread.KERNEL32(00000000), ref: 006BD249
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 3bdc59418bd1185f5f8838822f26854d39f0e1968667426614749f15d233415d
• Instruction ID: e4849fef70c108a4cac30c79862f153182a11745cb7718a0feafaeb478f05920
• Opcode Fuzzy Hash: 3bdc59418bd1185f5f8838822f26854d39f0e1968667426614749f15d233415d
• Instruction Fuzzy Hash: 9401D6B64052047FCB215BA5DC05BEE7A6ADF81330F10421DFA259A1D0EB718A81C7A5
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0069604C
• GetStockObject.GDI32(00000011), ref: 00696060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0069606A
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: ee21f1df0ff2bcecd5433b930e335009f07d893e8d616756ab975878fc2d2a9a
• Instruction ID: 488cd2b1c08e7fa5b0f63d47011d36ad8b452723e2e0a7f532251c7eb1f52735
• Opcode Fuzzy Hash: ee21f1df0ff2bcecd5433b930e335009f07d893e8d616756ab975878fc2d2a9a
• Instruction Fuzzy Hash: F611C472501608BFEF224F94CD84EEA7B6EFF18394F044105FA0452210C736DC61DB90
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 006B3B56
  • Part of subcall function 006B3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 006B3AD2
  • Part of subcall function 006B3AA3: ___AdjustPointer.LIBCMT ref: 006B3AED
• _UnwindNestedFrames.LIBCMT ref: 006B3B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 006B3B7C
• CallCatchBlock.LIBVCRUNTIME ref: 006B3BA4
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: 11b121259ae0babe3815cccaf7b0fda0927dfa007b4a9c55ce0de462fa58975f
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 030140B2200158BBDF116E95CC42EEB7F6EFF58754F044018FE4856221C732D9A1DBA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,006913C6,00000000,00000000,?,006C301A,006913C6,00000000,00000000,00000000,?,006C328B,00000006,FlsSetValue), ref: 006C30A5
                                                                                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,006C301A,006913C6,00000000,00000000,00000000,?,006C328B,00000006,FlsSetValue,00732290,FlsSetValue,00000000,00000364,?,006C2E46), ref: 006C30B1
                                                                                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,006C301A,006913C6,00000000,00000000,00000000,?,006C328B,00000006,FlsSetValue,00732290,FlsSetValue,00000000), ref: 006C30BF
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3eef16b0b334e9194d4ec1d83f11ee2667a9eb3589d08ba3585805120871ae24
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e226d983398770be65507f826480692b72ee31bf4bbea2aaec69324d092ed08
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3eef16b0b334e9194d4ec1d83f11ee2667a9eb3589d08ba3585805120871ae24
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5001B533301732ABC7314A68AC44EB77799EF05761B108628E906D3340C725D90286E4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 006F747F
                                                                                                                                                                                                                                                                                                                                                                      • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 006F7497
                                                                                                                                                                                                                                                                                                                                                                      • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 006F74AC
                                                                                                                                                                                                                                                                                                                                                                      • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 006F74CA
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 39fcb8b13f6e351d116d54b3dafd62effbb2a9090286ee573eff4fc173302ab8
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: c172876fb8a5fad0e1529db75e786195992c1b25e7b35e6a9b2ff00a155078e2
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39fcb8b13f6e351d116d54b3dafd62effbb2a9090286ee573eff4fc173302ab8
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD11A9B1209319ABE730DF24EC09BA67FFDEB00B00F108569EA16D7191D7B4E905DBA0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006FACD3,?,00008000), ref: 006FB0C4
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006FACD3,?,00008000), ref: 006FB0E9
                                                                                                                                                                                                                                                                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,006FACD3,?,00008000), ref: 006FB0F3
                                                                                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,006FACD3,?,00008000), ref: 006FB126
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 3f8f25bd087871026e5cd0722bf3ce427529a2d1f67a5fa106c4b764b9beed11
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 6b0c893711779404d23a07452d55ec67b0453511837ee7d2c4d0382d1f300ab7
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f8f25bd087871026e5cd0722bf3ce427529a2d1f67a5fa106c4b764b9beed11
• Instruction Fuzzy Hash: EA115B71C01A2CE7CF10EFE4E9696FEBB79FF1A711F109089DA41B2281CB345A528B55
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 006F2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 006F2DD6
• GetCurrentThreadId.KERNEL32 ref: 006F2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 006F2DE4
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: 8373bc9802edb9dcd71bf97416295ed9aaee927baef0f7eda9bfe6d8c358422c
• Instruction ID: 708dbecf9fd0acc0464440ccabb324bef7b1f19ac34a0b454658725be7ecbb84
• Opcode Fuzzy Hash: 8373bc9802edb9dcd71bf97416295ed9aaee927baef0f7eda9bfe6d8c358422c
• Instruction Fuzzy Hash: 25E092711016287BE7311B729C0EFFF7E6EEF62BA1F404119F205D10809AA8C842CAF0
APIs
  • Part of subcall function 006A9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 006A9693
  • Part of subcall function 006A9639: SelectObject.GDI32(?,00000000), ref: 006A96A2
  • Part of subcall function 006A9639: BeginPath.GDI32(?), ref: 006A96B9
  • Part of subcall function 006A9639: SelectObject.GDI32(?,00000000), ref: 006A96E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00728887
• LineTo.GDI32(?,?,?), ref: 00728894
• EndPath.GDI32(?), ref: 007288A4
• StrokePath.GDI32(?), ref: 007288B2
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 1a52be1f5d818c2452b1d86165dc571a9900b8cd3b965c306d3726720a973817
• Instruction ID: 39a488b95411032709e144bc37bbcba821389aedae759c7a04b9fe8b0ad23a6c
• Opcode Fuzzy Hash: 1a52be1f5d818c2452b1d86165dc571a9900b8cd3b965c306d3726720a973817
• Instruction Fuzzy Hash: FFF03035041658B6EB235F94AC0DFCE3A596F16310F44C000FA11651E1C7B95511CFE9
APIs
• GetSysColor.USER32(00000008), ref: 006A98CC
• SetTextColor.GDI32(?,?), ref: 006A98D6
• SetBkMode.GDI32(?,00000001), ref: 006A98E9
• GetStockObject.GDI32(00000005), ref: 006A98F1
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 8d7607cc998a1d4eca3734908af6e452c7fd0638641ab11a42a91ce2a9024ab0
• Instruction ID: 1c3bff018128e9a5f2cf02a5ec40c3a00c35cfdb3b9b23592fb6e68de6e7fe94
• Opcode Fuzzy Hash: 8d7607cc998a1d4eca3734908af6e452c7fd0638641ab11a42a91ce2a9024ab0
• Instruction Fuzzy Hash: 99E0ED31240684AADB321B35AC0ABEC3F21AB22332F14C219F6FA580E1C3B546619B20
APIs
• GetCurrentThread.KERNEL32 ref: 006F1634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,006F11D9), ref: 006F163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,006F11D9), ref: 006F1648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,006F11D9), ref: 006F164F
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3974789173-0
APIs
• GetDesktopWindow.USER32 ref: 006ED858
• GetDC.USER32(00000000), ref: 006ED862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 006ED882
• ReleaseDC.USER32(?), ref: 006ED8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 006ED86C
• GetDC.USER32(00000000), ref: 006ED876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 006ED882
• ReleaseDC.USER32(?), ref: 006ED8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
  • Part of subcall function 00697620: _wcslen.LIBCMT ref: 00697625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00704ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
APIs
• __startOneArgErrorHandling.LIBCMT ref: 006BE30D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
APIs
• CharUpperBuffW.USER32(006E569E,00000000,?,0072CC08,?,00000000,00000000), ref: 007178DD
  • Part of subcall function 00696B57: _wcslen.LIBCMT ref: 00696B6A
• CharUpperBuffW.USER32(006E569E,00000000,?,0072CC08,00000000,?,00000000,00000000), ref: 0071783B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: BuffCharUpper$_wcslen
• String ID: <su
• API String ID: 3544283678-4132268640
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
APIs
• Sleep.KERNEL32(00000000), ref: 006AF2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 006AF2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 28f681b272369f4b567904564a5b094ac395f52181645e37a17e83c2a2d30d3b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: ccccb59a3c6658a819478b063c94fdb1fca4b97c44413aedb1de5927c8879d39
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 28f681b272369f4b567904564a5b094ac395f52181645e37a17e83c2a2d30d3b
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 675177724187449BD720AF10D886BAFBBFDFF85310F81884DF199410A5EB709569CB6B
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 007157E0
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 007157EC
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: e6977bc12e95309734f799a0dbe05ea353e7ea8738d67607c7565745737e98d2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8bd96c0abfc31380cea5d3980ec959c7061b772dacc9133032b7c203d529c188
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6977bc12e95309734f799a0dbe05ea353e7ea8738d67607c7565745737e98d2
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6A416D71A00109DFCB18EFA9C8859EEBBF5EF99314F10406DE505A7291D7349D81CBA4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 0070D130
                                                                                                                                                                                                                                                                                                                                                                      • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 0070D13A
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: |
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 596671847-2343686810
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: b665ce593bbca1be39ef5e0031743ec6014f0e276afe75aa41f4d3ddaae6b63f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 03d57d9c6186dd90c29683dde39739ff3a2adc71a5383865a53aa3d54155e2a6
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b665ce593bbca1be39ef5e0031743ec6014f0e276afe75aa41f4d3ddaae6b63f
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5D312C71D00209EBCF55EFA4CC85AEE7FBAFF04344F000119F915A6166EB35AA46CB64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?,?,?,?), ref: 00723621
                                                                                                                                                                                                                                                                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0072365C
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Window$DestroyMove
                                                                                                                                                                                                                                                                                                                                                                      • String ID: static
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d6f6cb312e8a86b3fbe757139e18e6ad4550a40c44eaec50d74dc8550c8f802d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3af7c915c64862239c5ad181574b45541954a665b7014573b82181295e2c2371
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6f6cb312e8a86b3fbe757139e18e6ad4550a40c44eaec50d74dc8550c8f802d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F318F71110614AADB20DF38EC80EBB73ADFF98720F10861DF8A597280DA39AD91D764
                                                                                                                                                                                                                                                                                                                                                                      APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0072461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00724634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: b034f2eea021bc5eaa52610ca4eeb7b770ceb056d9dc789f2e717d0c8ccf74a4
• Instruction ID: 66ecde8b9c41659efb0ab527fa4ea1b94196477fb4e884db0a08fbd03fbd5f66
• Opcode Fuzzy Hash: b034f2eea021bc5eaa52610ca4eeb7b770ceb056d9dc789f2e717d0c8ccf74a4
• Instruction Fuzzy Hash: 0E313674A0032A9FDF14CFA9D980BDABBB5FF09300F14406AE905AB381D774A951CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0072327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00723287
Strings
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: db7d000fad5df791a081b39afe1c324bdefde5bfe4e7940d8ca47690b09e3253
• Instruction ID: f7dbd5838673e25861b737a3defc6136eb5ab3f7c8faf2fe35c3e9f15dcb2f73
• Opcode Fuzzy Hash: db7d000fad5df791a081b39afe1c324bdefde5bfe4e7940d8ca47690b09e3253
• Instruction Fuzzy Hash: AD11E271300218BFEF21DE54EC84EBB3BAAFB94364F104128F918A7290D67D9D518760
APIs
  • Part of subcall function 0069600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0069604C
  • Part of subcall function 0069600E: GetStockObject.GDI32(00000011), ref: 00696060
  • Part of subcall function 0069600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0069606A
• GetWindowRect.USER32(00000000,?), ref: 0072377A
• GetSysColor.USER32(00000012), ref: 00723794
Strings
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 38085a80ec3bf3628dbf91f86f002d9fef6b5d62a744eb097454469f24fc9086
• Instruction ID: cec2e90af6c3c81a9d843c8b4453b2a44481a07463ef64684efef7171bfc8dc6
• Opcode Fuzzy Hash: 38085a80ec3bf3628dbf91f86f002d9fef6b5d62a744eb097454469f24fc9086
• Instruction Fuzzy Hash: 701159B261021AAFDF01DFA8DC85AEE7BB8FB18314F004514F955E2250D779E8219B50
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0070CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 0070CDA6
Strings
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: f8897f26fd0cd844082d8f98cc7a31abb6aad517371b0b1a4f8f8f1b2da95c1d
• Instruction ID: d30d3697cc459bfb033d7de9e10bdc8bff66e7f8661d7fcaec14421e12697bb9
• Opcode Fuzzy Hash: f8897f26fd0cd844082d8f98cc7a31abb6aad517371b0b1a4f8f8f1b2da95c1d
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D11A071315631BAD73A4B668C49EE7BEA8EF227A4F00432AB109831C0E6689945D6F0
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 007234AB
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007234BA
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a6b8e3c199ee071274d84855e09b98bd2722034451a04ac259110744343d61a1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 42faeb15ba4789f8ebd28448897c11c01aed7641e6fbb537403160a13dcaf7d0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a6b8e3c199ee071274d84855e09b98bd2722034451a04ac259110744343d61a1
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E11BF71100268ABEB22AE64EC44ABB376AEB14374F604368FA61931D0C77DED519B64
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                      • CharUpperBuffW.USER32(?,?,?), ref: 006F6CB6
                                                                                                                                                                                                                                                                                                                                                                      • _wcslen.LIBCMT ref: 006F6CC2
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                      • String ID: STOP
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1256254125-2411985666
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 13301d3940b5e992119803deeeb0ee1d5418c8e6ab95d94e756eec52f7164f07
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 9ce4d1c3ccdae5b148bd38d0fee71745cd1f051d8b538e67bbe7f8e77b999af8
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13301d3940b5e992119803deeeb0ee1d5418c8e6ab95d94e756eec52f7164f07
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3501C43261052A9ACB21AFBDDC819FF77BBEF617107100528F9A296295EA31D941C660
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006F3CCA
                                                                                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 006F1C46
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 71c711da2ca460518dd4ee7d1f11f3734983abc811da60cc36cfd2561f3bd714
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 557e4326480e376b42705736b78e402624d1a834bc5e980ec371636bb8b884b1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71c711da2ca460518dd4ee7d1f11f3734983abc811da60cc36cfd2561f3bd714
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C001FCB164010CA6CF04EB94CE51DFF73AE9B12380F10001DA91677281EA249F0CC675
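The per-function records above (API call list, "String ID", "API String ID", opcode and instruction hashes) are the unit an analyst pivots on when comparing this sample against others, but the raw SendMessageW arguments are only useful once the message constant is decoded. The following parser is an added example and is not part of the Joe Sandbox report or its tooling: it turns records in the format shown on this page into structured objects and resolves the second SendMessageW argument against a small table of winuser.h constants (EM_SETSEL = 0x00B1, LB_ADDSTRING = 0x0180, LB_DELETESTRING = 0x0182, and a few others); the table and the regexes are my own, and the sample text is copied from two of the entries above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Window-message constants from winuser.h (assumed, my own subset) used to make
# the raw uMsg value passed to SendMessageW in the report readable.
WINDOW_MESSAGES = {
    0x000D: "WM_GETTEXT",
    0x00B0: "EM_GETSEL",
    0x00B1: "EM_SETSEL",
    0x0143: "CB_ADDSTRING",
    0x0180: "LB_ADDSTRING",
    0x0182: "LB_DELETESTRING",
}

# One API line of a Joe Sandbox function record, e.g.
#   • SendMessageW.USER32(?,00000180,00000000,?), ref: 006F1C46
#     • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z_]\w*)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Any other "• Key: value" bullet (String ID, API String ID, Opcode ID, ...).
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: int                      # address of the call site in the dump
    subcall_of: int | None = None  # set when the call lives in a callee


@dataclass
class FunctionEntry:
    apis: list[ApiCall] = field(default_factory=list)
    fields: dict[str, str] = field(default_factory=dict)

    @property
    def strings(self) -> list[str]:
        # The report joins several referenced strings with '$'.
        return [s for s in self.fields.get("String ID", "").split("$") if s]

    def send_message_ids(self) -> list[str]:
        """Decode the uMsg argument of every concrete SendMessageW call."""
        out = []
        for call in self.apis:
            if call.api == "SendMessageW" and len(call.args) >= 2 and call.args[1] != "?":
                msg = int(call.args[1], 16)
                out.append(WINDOW_MESSAGES.get(msg, f"0x{msg:04X}"))
        return out


def parse_entries(text: str) -> list[FunctionEntry]:
    """Split report text into function records; each starts at an 'APIs' header."""
    entries: list[FunctionEntry] = []
    cur: FunctionEntry | None = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionEntry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.apis.append(ApiCall(m["api"], m["module"], args, int(m["ref"], 16),
                                    int(m["subfn"], 16) if m["subfn"] else None))
            continue
        m = FIELD_LINE.match(line)
        if m:
            cur.fields[m["key"]] = m["val"]
    return entries


# Constructed input: two records copied from this report's function listing.
SAMPLE = """\
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 007234AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007234BA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
  • Part of subcall function 006F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006F3CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 006F1C46
Strings
Memory Dump Source
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
"""

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e.fields.get("API String ID"), e.strings, e.send_message_ids(),
              [f"{c.api}@{c.ref:08X}" for c in e.apis])
```

Run stand-alone, the first record resolves to an edit-control EM_SETSEL after GetWindowTextLengthW and the second to LB_ADDSTRING against a ComboBox/ListBox class check, which is what one expects from an AutoIt runtime's GUI control helpers rather than from the payload logic; the "API String ID" pair is the key to carry into a similarity search across reports.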
APIs
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
  • Part of subcall function 006F3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 006F3CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 006F1CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 1b12701a7b1a313225b071515ad257e50bc8e742d20b0aadf8bff4ff1ff4d403
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 06a9b4bcc88c794cf43bd62c40f712d98f201dffd860c32c15cf599c89b56ac0
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1b12701a7b1a313225b071515ad257e50bc8e742d20b0aadf8bff4ff1ff4d403
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2201D6B1A8011CA7CF14EBA5CF11EFE77AE9B12380F14001DB91277381EA699F09C675
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 006AA529
  • Part of subcall function 00699CB3: _wcslen.LIBCMT ref: 00699CBD
Strings
Similarity
• API ID: Init_thread_footer_wcslen
• String ID: ,%v$3yn
• API String ID: 2551934079-3909673020
• Opcode ID: e65be96e2180e137ff6ad93c79719a032a4551908a4274b9af9e90e07bf8d6b4
• Instruction ID: 3010f9bae5299f8028b387da7c98d6845df6e933758cf64b37a605bbd34445b7
• Opcode Fuzzy Hash: e65be96e2180e137ff6ad93c79719a032a4551908a4274b9af9e90e07bf8d6b4
• Instruction Fuzzy Hash: 2F01F731A006109BD954F7A8D817AAE775BDB06710F50006EF513572C3EF549D42CEAF
APIs
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00763018,0076305C), ref: 007281BF
• CloseHandle.KERNEL32 ref: 007281D1
Strings
Similarity
• API ID: CloseCreateHandleProcess
• String ID: \0v
• API String ID: 3712363035-4240960572
• Opcode ID: c07fd01c8fece631999fb664955a0639fa3deea402cdcc54d119ca8962414737
• Instruction ID: c395068eaeaf41d34b9191dc089089862f8454777e6e37bf8d3d7cb3d5b6c6ee
• Opcode Fuzzy Hash: c07fd01c8fece631999fb664955a0639fa3deea402cdcc54d119ca8962414737
• Instruction Fuzzy Hash: 0FF05EF1640304BAF2216B61AC45FB73A9EDB04760F008425FB09D51A2D6BE8A58C3FD
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
• Opcode ID: 953b9d8a4caddfac0697be846e628f0b600cc28c81e3e2cb63322df2744fec46
• Instruction ID: 29683f5211befd8c7eb819c47a6ca149ba01beaf791d960fd9e85e157bed2e36
• Opcode Fuzzy Hash: 953b9d8a4caddfac0697be846e628f0b600cc28c81e3e2cb63322df2744fec46
• Instruction Fuzzy Hash: FBE02B422142A0109379227DACC19FF579ACFC97A0714182FFD81C22A7EE988ED1D3E4
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 006F0B23
Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                      • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 61ec9da27460f5017620f3e188febb5f8da7085b287bebbebaacb8be36f0b373
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 8729a194fba47d139b47d1ed9eeb5b8a9e479264a4675622f04581a62e201471
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61ec9da27460f5017620f3e188febb5f8da7085b287bebbebaacb8be36f0b373
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAE0D83124431836D2613794BC03FDD7A858F15B51F10042EFB88555C38AE6789046EE
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006AF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,006B0D71,?,?,?,0069100A), ref: 006AF7CE
                                                                                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,0069100A), ref: 006B0D75
                                                                                                                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0069100A), ref: 006B0D84
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 006B0D7F
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 55579361-631824599
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: a9bd2a2fc53d96a316f4dd25f15c2785d7b74f8d225099c23fc5341aa81a1940
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 78c02992743902c9ef35bbbbde80b01faa0d10770c465e8c56a92b3f0754a5b1
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9bd2a2fc53d96a316f4dd25f15c2785d7b74f8d225099c23fc5341aa81a1940
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDE06DB02003118BE3719FB8E8083867FF5BF10B40F00893DE482C6692DBB8E4858B91
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • __Init_thread_footer.LIBCMT ref: 006AE3D5
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                      • String ID: 0%v$8%v
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 1385522511-1078031209
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: acb7768bf6b2a0282016d2cfdef47bb801442b08932e71460b648b169057b7da
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 3c01be2bf7c3322be753ac2b35052bfe4e5005fb364703b4b648e20d62e4eb7d
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: acb7768bf6b2a0282016d2cfdef47bb801442b08932e71460b648b169057b7da
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 05E02631408E10CBDEA4B71CF894AC83397AB06320B1041FAE503872D3FB7A2C838A4D
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 0070302F
                                                                                                                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00703044
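The GetTempPathW/GetTempFileNameW pair above, called with the prefix "aut", is the AutoIt runtime writing its scratch files to %TEMP%. Because GetTempFileNameW uses at most the first three characters of the prefix and appends the low 16 bits of uUnique as four hexadecimal digits plus ".tmp", the on-disk artifact has a fixed shape (autXXXX.tmp) that can be hunted for on other hosts. The following Python is an added example for that hunt; it is not part of the Joe Sandbox report or of AutoIt. It models the GetTempFileNameW naming contract for the non-zero uUnique case (with uUnique == 0, as in the call above, the system picks the number and creates the file, so only the shape is predictable), and the directory listing it scans is constructed here, not taken from the analysis. Treat a hit as a weak indicator on its own: legitimate AutoIt-compiled tools leave the same files, and any program may pass "aut" as a prefix, so correlate with the creating process before acting on it.

```python
import re
from typing import Iterable, List

# Constructed stand-in for a %TEMP% directory listing on a host under review;
# not data from the report. Only the autXXXX.tmp names are the shape of interest,
# the rest are the kind of neighbours a real temp directory contains.
SAMPLE_TEMP_LISTING = [
    "aut1A2B.tmp",
    "autF00D.tmp",
    "AUT0042.TMP",          # NTFS is case-insensitive, so the matcher must be too
    "aut12345.tmp",         # five hex digits: not a GetTempFileNameW product
    "autoit-v3-setup.exe",  # shares the prefix but not the shape
    "tmpA1B2.tmp",          # the default "tmp" prefix used by many runtimes
    "wct3F2E.tmp",
    "aut1G2H.tmp",          # G and H are not hexadecimal digits
]

# Exactly three prefix characters, four hex digits, ".tmp"; nothing more.
AUTOIT_TEMP_RE = re.compile(r"^aut[0-9A-F]{4}\.tmp$", re.IGNORECASE)


def temp_file_name(prefix: str, unique: int) -> str:
    """Name GetTempFileNameW produces for a non-zero uUnique.

    Documented behaviour: only the first three characters of the prefix are
    used, only the low 16 bits of uUnique are used, and the digits are rendered
    as four hexadecimal characters (upper case, as Windows emits them) followed
    by ".tmp". With uUnique == 0 the system chooses the number and creates the
    file, so the exact name cannot be predicted, only its shape.
    """
    if unique == 0:
        raise ValueError("uUnique == 0: the number is chosen by the system")
    return f"{prefix[:3]}{unique & 0xFFFF:04X}.tmp"


def is_autoit_temp_name(name: str) -> bool:
    """True when a file name fits the autXXXX.tmp shape."""
    return AUTOIT_TEMP_RE.match(name) is not None


def find_autoit_temp_artifacts(names: Iterable[str]) -> List[str]:
    """Return the names in a listing that fit the shape, sorted for stable output."""
    return sorted(n for n in names if is_autoit_temp_name(n))


if __name__ == "__main__":
    # Real use: replace SAMPLE_TEMP_LISTING with os.listdir(os.environ["TEMP"]).
    for hit in find_autoit_temp_artifacts(SAMPLE_TEMP_LISTING):
        print(hit)
```

Running it against the constructed listing reports the three well-formed names and rejects the five-digit, non-hex and wrong-prefix decoys. On a live host, pair the listing scan with creation timestamps and the owning process from your EDR or Sysmon File Create events; the name shape alone does not distinguish this sample from any other AutoIt-built binary.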
Strings
Memory Dump Source
• Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
• Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
Similarity
• API ID: Temp$FileNamePath
                                                                                                                                                                                                                                                                                                                                                                      • String ID: aut
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: d2041985474b3f637df205ad215601a9c1966947e3e90f954f7f91be3efb312c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 2077bd14b42a0de304e4d6acee57cf74aedcdecc4d38c8143db3a0bd5c901054
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2041985474b3f637df205ad215601a9c1966947e3e90f954f7f91be3efb312c
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87D05B71500314A7DA3097949C0DFCB3A6CDB04751F4041517655D6091DEF49545CAD4
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0072236C
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000), ref: 00722373
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FE97B: Sleep.KERNEL32 ref: 006FE9F3
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: c3a2681da020d6b047b48c574b59d261c107dea5adacc19d25ef72f58fd08aaf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: 0b3fe1d92a08b426c9428536831ad07a1cd4d246fe0f457cc250867eaa129dc4
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3a2681da020d6b047b48c574b59d261c107dea5adacc19d25ef72f58fd08aaf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76D0A932380300BAE2B5A7309C0FFCA6A059B14B00F008A067701AA0E0C8F8A8028A18
                                                                                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0072232C
                                                                                                                                                                                                                                                                                                                                                                      • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0072233F
                                                                                                                                                                                                                                                                                                                                                                        • Part of subcall function 006FE97B: Sleep.KERNEL32 ref: 006FE9F3
                                                                                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1351480992.0000000000691000.00000020.00000001.01000000.00000003.sdmp, Offset: 00690000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351400308.0000000000690000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.000000000072C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351753056.0000000000752000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351885571.000000000075C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1351946616.0000000000764000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_690000_P0HV8mjHS1.jbxd
                                                                                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                                                                                      • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                      • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                      • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                      • Opcode ID: 4da61560c5ba5c845fa14cef50b53876502463b2bcad8fb43cf50e095edf11bf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction ID: a1606f5fd9c68abd6db031cceb4b52b9994fec67e6c5152f6d4c4cf4e4e94ff9
                                                                                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4da61560c5ba5c845fa14cef50b53876502463b2bcad8fb43cf50e095edf11bf
                                                                                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7D02232380300B7E2B4B730DC0FFCE7A059B10B00F008A067705AA0E0C8F8A802CA18